Skip to main content
CVE-2020-24579 HIGH POC This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl2888A Firmware
NVD
CVSS 3.1
8.8
EPSS
10.0%
CVE-2020-13547 HIGH POC This Week

A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-13570 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-13560 HIGH POC This Week

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-13557 HIGH POC THREAT This Week

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
71.1%
CVE-2020-28460 HIGH POC PATCH This Week

This affects the package multi-ini before 2.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Prototype Pollution Authentication Bypass Multi Ini
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-24581 HIGH POC THREAT This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl2888A Firmware
NVD
CVSS 3.1
8.0
EPSS
12.6%
CVE-2020-35608 HIGH POC This Week

A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Azure Sphere
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2020-25106 HIGH POC This Week

Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Supremo
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-24580 HIGH POC This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl2888A Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-24678 HIGH This Week

An authenticated user might execute malicious code under the user context and take control of the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Symphony Historian Symphony Operations
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-24677 HIGH This Week

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Symphony Historian Symphony Operations
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-24674 HIGH This Week

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-14231 HIGH This Week

A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Hcl Client Application Access
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-29396 HIGH PATCH This Week

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Privilege Escalation Python Odoo
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-24676 HIGH This Week

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Symphony Historian Symphony Operations
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27337 HIGH This Week

An issue was discovered in Treck IPv6 before 6.0.1.68. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ipv6
NVD
CVSS 3.1
7.3
EPSS
1.5%
CVE-2020-28641 HIGH This Week

In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Malwarebytes
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-27338 HIGH This Week

An issue was discovered in Treck IPv6 before 6.0.1.68. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ipv6
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-24680 HIGH This Week

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy