Skip to main content
CVE-2020-35693 HIGH POC This Week

On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Samsung Information Disclosure Android
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-29189 HIGH POC This Week

Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tos
NVD VulDB
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-11093 HIGH POC PATCH This Week

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Authentication Bypass Indy Node
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-28186 HIGH POC This Week

Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Tos
NVD
CVSS 3.1
7.3
EPSS
4.1%
CVE-2020-28169 HIGH POC PATCH This Week

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT. Rated high severity (CVSS 7.0). Public exploit code available.

Information Disclosure Td Agent Builder Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
1.2%
CVE-2020-24658 HIGH This Week

Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Arm Compiler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-9200 HIGH This Week

There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Imanager Neteco 6000
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5681 HIGH This Week

Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epsonnet Setupmanager Offirio Synergyware Printdirector
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-9120 HIGH This Week

CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloudengine 1800V
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-35680 HIGH PATCH This Week

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Opensmtpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-35679 HIGH PATCH This Week

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opensmtpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-27728 HIGH This Week

On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-27723 HIGH This Week

In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-27720 HIGH This Week

On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Carrier Grade Nat Big Ip Local Traffic Manager
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-27717 HIGH This Week

On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, undisclosed series of DNS requests may cause TMM to restart and generate a core file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Domain Name System
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-27716 HIGH This Week

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-27715 HIGH This Week

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high (~100%) CPU utilization by the httpd daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-27714 HIGH This Week

On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when a Protocol Inspection Profile is attached to a FastL4 virtual server with the protocol field configured to either. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-27721 HIGH This Week

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, in a BIG-IP DNS / BIG-IP LTM GSLB deployment, under certain circumstances, the BIG-IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Domain Name System Big Ip Global Traffic Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-27718 HIGH This Week

When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-2504 HIGH This Week

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Path Traversal Qes
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-2499 HIGH This Week

A hard-coded password vulnerability has been reported to affect earlier versions of QES. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Authentication Bypass Qes
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-28912 HIGH This Week

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure MariaDB
NVD
CVSS 3.1
7.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy