Skip to main content
CVE-2020-6418 HIGH POC KEV THREAT Act Now

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +4
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
78.8%
CVE-2020-7061 CRITICAL POC PATCH Act Now

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Microsoft Information Disclosure Tenable Sc
NVD
CVSS 3.1
9.1
EPSS
4.0%
CVE-2020-6386 HIGH POC This Week

Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6384 HIGH POC This Week

Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-6383 HIGH POC This Week

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +4
NVD
CVSS 3.1
8.8
EPSS
6.4%
CVE-2020-3837 HIGH POC KEV THREAT This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
16.1%
CVE-2020-9431 HIGH POC This Week

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Leap Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-9430 HIGH POC This Week

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-9428 HIGH POC This Week

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Wireshark Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-7062 HIGH POC This Week

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Null Pointer Dereference Denial Of Service PHP Leap +2
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-3924 CRITICAL Act Now

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tat 77104G1 Firmware Tat 70432N Firmware Tat 71416G1 Firmware Tat 71832G1 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-3923 CRITICAL Act Now

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tat 77104G1 Firmware Tat 70432N Firmware Tat 71416G1 Firmware Tat 71832G1 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-7063 MEDIUM POC PATCH This Month

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Tenable Sc Debian Linux Leap
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-9434 CRITICAL PATCH Act Now

openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-9433 CRITICAL PATCH Act Now

openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-9432 CRITICAL PATCH Act Now

openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-7043 CRITICAL PATCH Act Now

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2020-6407 HIGH This Week

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-3868 HIGH PATCH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Memory Corruption Apple RCE +7
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-3865 HIGH PATCH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Memory Corruption Apple RCE +7
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3846 HIGH This Week

A buffer overflow was addressed with improved size validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Apple Icloud +6
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3843 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple Iphone Os Watchos
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-3825 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Memory Corruption Apple RCE +6
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-5402 HIGH This Week

In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cf Deployment User Account And Authentication
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-3878 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Apple RCE Information Disclosure +7
NVD
CVSS 3.1
7.8
EPSS
9.2%
CVE-2020-3871 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3870 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-3860 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3858 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +1
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3857 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3856 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-3854 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-3853 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3845 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3842 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3840 HIGH This Week

An off by one issue existed in the handling of racoon configuration files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-3838 HIGH This Week

The issue was addressed with improved permissions logic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-3834 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Watchos
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3829 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-3827 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3826 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Apple RCE Information Disclosure +7
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-9429 HIGH This Week

In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Leap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-3877 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Mac Os X +1
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-3861 HIGH This Week

The issue was addressed with improved permissions logic. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Itunes
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-3831 HIGH This Week

A race condition was addressed with improved locking. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Ipados Iphone Os
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2020-3862 MEDIUM PATCH This Month

A denial of service issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-3841 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-5400 MEDIUM This Month

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Capi Release Cf Deployment
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6864 MEDIUM This Month

ZTE E8820V3 router product is impacted by an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte E8820V3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-6863 MEDIUM This Month

ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte E8820V3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy