Skip to main content
CVE-2020-28328 HIGH POC THREAT Act Now

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Suitecrm
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
63.3%
CVE-2020-27347 HIGH POC PATCH This Week

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Tmux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-27589 HIGH POC PATCH This Week

Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Hub Rest Api Python
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-15259 HIGH PATCH This Week

ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE CSRF Ad Ldap Connector
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-3371 HIGH This Week

A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection RCE Integrated Management Controller
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-7198 HIGH This Week

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Oneview Synergy Composer Synergy Composer 2
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-10292 HIGH This Week

Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Visual Components Network License Server
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2020-3604 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Microsoft RCE Webex Meetings
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-3603 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Microsoft RCE Webex Meetings +1
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2020-3600 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3595 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3594 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3593 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3588 HIGH PATCH This Week

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Cisco RCE Microsoft Path Traversal Webex Meetings
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3573 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Microsoft RCE Webex Meetings +1
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-5794 HIGH This Week

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Nessus Network Monitor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25174 HIGH This Week

A DLL hijacking vulnerability in the B. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Onlinesuite Application Package
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25170 HIGH This Week

An Excel Macro Injection vulnerability exists in the export feature in the B. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Onlinesuite Application Package
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-15708 HIGH This Week

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu RCE Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3574 HIGH PATCH This Week

A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Ip Dect 210 Firmware Ip Dect 6825 Firmware Ip Phone 8811 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2020-3444 HIGH This Week

A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26213 HIGH PATCH This Week

In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Docker Teler
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-8580 HIGH This Week

SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service E Series Santricity Os Controller
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-27196 HIGH PATCH This Week

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Play Framework
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26883 HIGH PATCH This Week

In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Play Framework
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26882 HIGH PATCH This Week

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Play Framework
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-10291 HIGH This Week

Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Visual Components Network License Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-28196 HIGH PATCH This Week

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kerberos 5 Fedora Active Iq Unified Manager Cloud Backup +7
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-26521 HIGH PATCH This Week

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Nats Server Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-5649 HIGH This Week

Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coreos
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-5646 HIGH This Week

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Coreos
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-5645 HIGH This Week

Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Coreos
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-3556 HIGH This Week

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy