Skip to main content
CVE-2020-25592 CRITICAL POC PATCH THREAT Emergency

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Salt Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
57.5%
CVE-2020-16846 CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt through 3002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salt Debian Linux Fedora Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
99.6%
CVE-2020-26214 CRITICAL POC PATCH THREAT Act Now

In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Alerta
NVD GitHub
CVSS 3.1
9.8
EPSS
65.9%
CVE-2020-28250 CRITICAL POC Act Now

Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nvt Web Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-3284 CRITICAL Act Now

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Apple A9K Rsp880 Se Firmware Ios Xr +42
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-25172 CRITICAL Act Now

A relative path traversal attack in the B. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Onlinesuite Application Package
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-26892 CRITICAL PATCH Act Now

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Nats Server Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-5648 CRITICAL Act Now

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Coreos
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-5647 CRITICAL Act Now

Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coreos
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-5644 CRITICAL Act Now

Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Coreos
NVD
CVSS 3.1
9.8
EPSS
4.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy