Skip to main content
CVE-2020-7060 CRITICAL POC PATCH Act Now

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Tenable Sc Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.1
EPSS
8.9%
CVE-2020-7059 CRITICAL POC PATCH Act Now

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Tenable Sc Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.1
EPSS
7.1%
CVE-2020-8840 CRITICAL PATCH Act Now

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Jackson Databind Debian Linux Oncommand Api Services +5
NVD GitHub
CVSS 3.1
9.8
EPSS
26.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy