Skip to main content
CVE-2020-28949 HIGH POC KEV PATCH THREAT Act Now

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Archive Tar Debian Linux Fedora Drupal
NVD GitHub
CVSS 3.1
7.8
EPSS
84.6%
CVE-2020-25989 HIGH POC PATCH This Week

Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Pritunl Client Electron
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-28948 HIGH POC PATCH THREAT This Week

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Archive Tar Debian Linux Fedora Drupal
NVD GitHub
CVSS 3.1
7.8
EPSS
47.5%
CVE-2020-7559 HIGH POC PATCH This Week

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Ecostruxure Control Expert
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-28924 HIGH POC PATCH This Week

An issue was discovered in Rclone before 1.53.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rclone Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-8279 HIGH POC This Week

Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Social
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2020-7572 HIGH PATCH This Week

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service SSRF XXE Webreports
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-7569 HIGH PATCH This Week

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Webreports
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-28213 HIGH PATCH This Week

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-12495 HIGH This Week

Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rsg35 Firmware Rsg45 Firmware Orsg35 Firmware Orsg45 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-13356 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
1.8%
CVE-2020-13355 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-7558 HIGH This Week

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7557 HIGH This Week

A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7556 HIGH This Week

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7555 HIGH This Week

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7554 HIGH This Week

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7553 HIGH This Week

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2020-7552 HIGH This Week

A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-7551 HIGH This Week

A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-7550 HIGH This Week

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-7544 HIGH PATCH This Week

A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Operator Terminal Expert Runtime
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-28211 HIGH PATCH This Week

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-4701 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE IBM Microsoft Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13359 HIGH This Week

The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Gitlab Authentication Bypass
NVD
CVSS 3.1
7.6
EPSS
0.8%
CVE-2020-7538 HIGH PATCH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ecostruxure Control Expert
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-25699 HIGH PATCH This Week

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-25698 HIGH PATCH This Week

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-28054 HIGH This Week

JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tsmmanager
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-8277 HIGH PATCH This Week

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js Fedora Blockchain Platform +5
NVD
CVSS 3.1
7.5
EPSS
54.2%
CVE-2020-7566 HIGH This Week

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2020-7565 HIGH This Week

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2020-12510 HIGH This Week

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Twincat Extended Automation Runtime
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2020-28209 HIGH PATCH This Week

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Enterprise Server Installer
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy