CVE Tracker

Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.

DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.

Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.

EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token.

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Netgear JGS516PE devices contain a missing function level access control vulnerability.

Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.

Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.

Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.

Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.

The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.

Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.

Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.

Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.

Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."