Skip to main content
CVE-2020-28877 CRITICAL POC Act Now

Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Wdr7400 Firmware Wdr7500 Firmware Wdr7660 Firmware +12
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-28845 HIGH POC This Week

A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Netskope
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-20740 HIGH POC PATCH This Week

PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Pdfresurrect Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-19667 HIGH POC This Week

Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-19668 MEDIUM POC This Month

Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2020-25839 CRITICAL Act Now

NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Identity Manager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-20739 MEDIUM POC PATCH This Month

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libvips Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
2.0%
CVE-2020-28974 MEDIUM POC PATCH This Month

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.0
EPSS
0.5%
CVE-2020-13671 HIGH KEV PATCH THREAT This Week

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Drupal Fedora
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2020-4004 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption VMware Fusion +3
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2020-4005 HIGH PATCH This Week

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Cloud Foundation ESXi
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4739 HIGH PATCH This Week

IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE IBM Microsoft Db2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-26236 HIGH PATCH This Week

In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Scratchverifier
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-4937 HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-5668 HIGH This Week

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service R00Cpu Firmware R01Cpu Firmware R02Cpu Firmware R04Cpu Firmware +24
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2020-7842 MEDIUM This Month

Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Wf2429Tb Firmware
NVD
CVSS 3.1
6.6
EPSS
1.5%
CVE-2020-4788 MEDIUM PATCH This Month

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. Rated medium severity (CVSS 4.7).

IBM Information Disclosure Vios Aix Fedora +3
NVD
CVSS 3.1
4.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy