Skip to main content
CVE-2020-9301 HIGH PATCH This Week

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apple Spinnaker
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-7560 HIGH This Week

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ecostruxure Control Expert Unity Pro
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-17439 HIGH This Week

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Uip
NVD
CVSS 3.1
8.3
EPSS
3.1%
CVE-2020-24334 HIGH This Week

The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Uip
NVD
CVSS 3.1
8.2
EPSS
2.4%
CVE-2020-17437 HIGH PATCH This Week

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Uip Open Iscsi Sentron 3Va Com100 Firmware +8
NVD
CVSS 3.1
8.2
EPSS
2.8%
CVE-2020-27786 HIGH PATCH This Week

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Privilege Escalation Linux Memory Corruption Use After Free +6
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-28219 HIGH This Week

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Geo Scada Expert 2019 Ecostruxure Geo Scada Expert 2020
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-24340 HIGH This Week

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Picotcp Picotcp Ng
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-24339 HIGH This Week

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Picotcp Picotcp Ng
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-24337 HIGH This Week

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Picotcp Picotcp Ng
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-17469 HIGH This Week

An issue was discovered in FNET through 4.6.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Fnet
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-17468 HIGH This Week

An issue was discovered in FNET through 4.6.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fnet
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-17445 HIGH This Week

An issue was discovered in picoTCP 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Picotcp
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-17444 HIGH This Week

An issue was discovered in picoTCP 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Picotcp
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-17443 HIGH This Week

An issue was discovered in picoTCP 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Picotcp
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-17442 HIGH This Week

An issue was discovered in picoTCP 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integer Overflow Picotcp
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-17440 HIGH This Week

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Uip
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-13988 HIGH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Contiki Ng
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-13987 HIGH PATCH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Uip Open Iscsi Sentron 3Va Com100 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-13986 HIGH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Contiki
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-13985 HIGH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Contiki
NVD
CVSS 3.1
7.5
EPSS
4.8%
CVE-2020-13984 HIGH This Week

An issue was discovered in Contiki through 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Contiki
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-5949 HIGH This Week

On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-27713 HIGH This Week

In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7791 HIGH PATCH This Week

This affects the package i18n before 2.1.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure I18N
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-27508 HIGH PATCH This Week

In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frappe
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-28838 LOW POC Monitor

Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Opencart
NVD Exploit-DB
CVSS 3.1
3.5
EPSS
0.4%
CVE-2020-25191 HIGH This Week

Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Compactrio Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7543 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware Modicon M580 Bmep586040 Firmware Modicon M580 Bmep585040 Firmware +12
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7542 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware Modicon M580 Bmep586040 Firmware Modicon M580 Bmep585040 Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7539 HIGH This Week

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7537 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware Modicon M580 Bmep586040 Firmware Modicon M580 Bmep585040 Firmware +15
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7536 HIGH This Week

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7535 HIGH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +17
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-28217 HIGH This Week

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easergy T300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-28216 HIGH This Week

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easergy T300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-24637 HIGH This Week

Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-24447 HIGH PATCH This Week

Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Adobe RCE Microsoft Lightroom
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2020-24440 HIGH PATCH This Week

Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Adobe RCE Prelude
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2020-28220 MEDIUM This Month

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Modicon M258 Firmware Somachine Somachine Motion
NVD VulDB
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-12149 MEDIUM This Month

The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Edgeconnect Enterprise
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2020-12148 MEDIUM This Month

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Edgeconnect Enterprise
NVD
CVSS 3.1
6.8
EPSS
2.1%
CVE-2020-15375 MEDIUM This Month

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-26264 MEDIUM PATCH This Month

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-26409 MEDIUM This Month

A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-25838 MEDIUM This Month

Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Filr
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-28218 MEDIUM This Month

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easergy T300 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-26411 MEDIUM This Month

A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2).

NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-17515 MEDIUM PATCH This Month

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.10.13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Airflow
NVD
CVSS 3.1
6.1
EPSS
16.0%
CVE-2020-27825 MEDIUM PATCH This Month

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).

Race Condition Denial Of Service Linux Linux Kernel Enterprise Linux +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy