Skip to main content
CVE-2020-28949 HIGH POC KEV PATCH THREAT Act Now

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Archive Tar Debian Linux Fedora Drupal
NVD GitHub
CVSS 3.1
7.8
EPSS
84.6%
CVE-2020-25989 HIGH POC PATCH This Week

Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Pritunl Client Electron
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-28948 HIGH POC PATCH THREAT This Week

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Archive Tar Debian Linux Fedora Drupal
NVD GitHub
CVSS 3.1
7.8
EPSS
47.5%
CVE-2020-7559 HIGH POC PATCH This Week

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Ecostruxure Control Expert
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-28924 HIGH POC PATCH This Week

An issue was discovered in Rclone before 1.53.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rclone Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-8279 HIGH POC This Week

Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Social
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2020-28350 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Sowasql
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-22394 MEDIUM POC This Month

In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7561 CRITICAL PATCH Act Now

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Information Disclosure Easergy T300 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-28212 CRITICAL PATCH Act Now

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-28951 CRITICAL Act Now

libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Openwrt
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-11831 CRITICAL Act Now

OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ovoicemanager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-11830 CRITICAL Act Now

QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualityprotect
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-11829 CRITICAL Act Now

Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coloros
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-8278 MEDIUM POC This Month

Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Social
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-7572 HIGH PATCH This Week

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service SSRF XXE Webreports
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-7569 HIGH PATCH This Week

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Webreports
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-28213 HIGH PATCH This Week

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-12495 HIGH This Week

Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rsg35 Firmware Rsg45 Firmware Orsg35 Firmware Orsg45 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-13356 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
1.8%
CVE-2020-13355 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-7558 HIGH This Week

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7557 HIGH This Week

A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7556 HIGH This Week

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7555 HIGH This Week

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7554 HIGH This Week

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7553 HIGH This Week

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2020-7552 HIGH This Week

A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-7551 HIGH This Week

A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-7550 HIGH This Week

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7544 HIGH PATCH This Week

A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Operator Terminal Expert Runtime
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-28211 HIGH PATCH This Week

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-4701 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE IBM Microsoft Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13359 HIGH This Week

The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Gitlab Authentication Bypass
NVD
CVSS 3.1
7.6
EPSS
0.8%
CVE-2020-7538 HIGH PATCH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ecostruxure Control Expert
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-25699 HIGH PATCH This Week

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-25698 HIGH PATCH This Week

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-28054 HIGH This Week

JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tsmmanager
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-8277 HIGH PATCH This Week

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js Fedora Blockchain Platform +5
NVD
CVSS 3.1
7.5
EPSS
54.2%
CVE-2020-7566 HIGH This Week

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2020-7565 HIGH This Week

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2020-12510 HIGH This Week

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Twincat Extended Automation Runtime
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2020-28209 HIGH PATCH This Week

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Enterprise Server Installer
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2020-7573 MEDIUM PATCH This Month

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Webreports
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-12496 MEDIUM This Month

Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rsg35 Firmware Rsg45 Firmware Orsg35 Firmware Orsg45 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-25700 MEDIUM PATCH This Month

In moodle, some database module web services allowed students to add entries within groups they did not belong to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Moodle Fedora
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-28947 MEDIUM PATCH This Month

In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-28210 MEDIUM This Month

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ecostruxure Building Operation
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2020-25702 MEDIUM PATCH This Month

In Moodle, it was possible to include JavaScript when re-naming content bank items. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moodle Fedora
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-15710 MEDIUM This Month

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Pulseaudio
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy