Skip to main content
CVE-2020-27386 HIGH POC THREAT Act Now

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g.,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flexdotnetcms
NVD GitHub
CVSS 3.1
8.8
EPSS
72.9%
CVE-2020-26804 HIGH POC This Week

In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-26803 HIGH POC This Week

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-27385 HIGH POC This Week

Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Flexdotnetcms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-11208 HIGH POC This Week

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Sd820 Firmware Sd821 Firmware Qcs603 Firmware +10
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-11207 HIGH POC This Week

Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qualcomm Apq8052 Firmware Apq8056 Firmware Apq8076 Firmware +59
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-11206 HIGH POC This Week

Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qualcomm Apq8098 Firmware Msm8998 Firmware Qcm4290 Firmware +51
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2020-11202 HIGH POC This Week

Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Qcm6125 Firmware Qcs410 Firmware +30
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-11201 HIGH POC This Week

Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Qualcomm Information Disclosure Qcm6125 Firmware Qcs410 Firmware Qcs603 Firmware +25
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2020-24573 HIGH POC This Week

BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Eibport Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26805 HIGH POC This Week

In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2020-12347 HIGH This Week

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intel Data Center Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-8749 HIGH This Week

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Information Disclosure Active Management Technology Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-12321 HIGH PATCH This Week

Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Intel Dual Band Wireless Ac 3168 Firmware Dual Band Wireless Ac 8260 Firmware Dual Band Wireless Ac 8265 Firmware +8
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-7332 HIGH This Week

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Endpoint Security
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-26070 HIGH This Week

A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-2050 HIGH This Week

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2020-12927 HIGH This Week

A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Amd Vbios Flash Tool Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-24525 HIGH This Week

Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Nuc 8 Mainstream G Kit Nuc8I5Inh Firmware Nuc 8 Mainstream G Kit Nuc8I7Inh Firmware Nuc 8 Mainstream G Mini Pc Nuc8I5Inh Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-24456 HIGH This Week

Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Board Id Tool
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-16273 HIGH This Week

In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Integer Overflow Armv8 M Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12350 HIGH This Week

Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Extreme Tuning Utility
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12346 HIGH This Week

Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Battery Life Diagnostic Tool
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12345 HIGH This Week

Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Data Center Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12336 HIGH This Week

Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Nuc 8 Mainstream G Kit Nuc8I5Inh Firmware Nuc 8 Mainstream G Kit Nuc8I7Inh Firmware Nuc 8 Mainstream G Mini Pc Nuc8I5Inh Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12335 HIGH This Week

Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Processor Identification Utility
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12334 HIGH This Week

Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Advisor Tools
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12333 HIGH This Week

Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Quickassist Technology
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12332 HIGH This Week

Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Hid Event Filter Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12331 HIGH This Week

Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Unite Cloud Service Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12330 HIGH This Week

Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Falcon 8 Uas Asctec Thermal Viewer Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12329 HIGH This Week

Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Vtune Profiler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12325 HIGH This Week

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Thunderbolt Dch Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12324 HIGH This Week

Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Thunderbolt Dch Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12320 HIGH This Week

Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Scs Add On For Microsoft Sccm
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8760 HIGH This Week

Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Integer Overflow Active Management Technology Firmware Cloud Backup
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8750 HIGH This Week

Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Memory Corruption Use After Free Intel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8744 HIGH PATCH This Week

Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Converged Security And Management Engine Server Platform Services Trusted Execution Engine +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8739 HIGH This Week

Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios Aff Bios Fas Bios +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-13771 HIGH This Week

Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ivanti Microsoft Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-13770 HIGH This Week

Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-12354 HIGH This Week

Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Microsoft Active Management Technology Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12318 HIGH PATCH This Week

Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Proset Wireless Wifi
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12307 HIGH This Week

Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel High Definition Audio Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12306 HIGH This Week

Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Realsense D400 Series Dynamic Calibration Tool
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12304 HIGH This Week

Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Dynamic Application Loader Software Developement Kit
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12303 HIGH This Week

Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Intel Memory Corruption Converged Security And Manageability Engine +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12297 HIGH This Week

Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Converged Security And Manageability Engine Trusted Execution Technology
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0590 HIGH PATCH This Week

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Xeon Bronze 3206R Firmware Xeon Gold 5218R Firmware Xeon Gold 5220R Firmware +134
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7331 HIGH This Week

Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy