Security Vulnerabilities - Known exploited
CVE-2020-2506
Known exploited
The vulnerability has been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
CVSS Score: 7.3
EPSS Score: 0.18
Published: 2021-02-03
CVE-2020-25506
Known exploited
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.
CVSS Score: 9.8
EPSS Score: 0.939
Published: 2021-02-02
CVE-2020-29557
Known exploited
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.
CVSS Score: 9.8
EPSS Score: 0.898
Published: 2021-01-29
CVE-2021-3156
Known exploited
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS Score: 7.8
EPSS Score: 0.925
Published: 2021-01-26
CVE-2020-36193
Known exploited
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CVSS Score: 7.5
EPSS Score: 0.711
Published: 2021-01-18
CVE-2020-6572
Known exploited
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSS Score: 8.8
EPSS Score: 0.191
Published: 2021-01-14
CVE-2021-1647
Known exploited
Microsoft Defender Remote Code Execution Vulnerability
CVSS Score: 7.8
EPSS Score: 0.779
Published: 2021-01-12
CVE-2021-3129
Known exploited
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
CVSS Score: 9.8
EPSS Score: 0.943
Published: 2021-01-12
CVE-2020-16013
Known exploited
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score: 8.8
EPSS Score: 0.261
Published: 2021-01-08
CVE-2020-16017
Known exploited
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVSS Score: 9.6
EPSS Score: 0.214
Published: 2021-01-08

