Skip to main content
CVE-2020-7061 CRITICAL POC PATCH Act Now

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Microsoft Information Disclosure Tenable Sc
NVD
CVSS 3.1
9.1
EPSS
4.0%
CVE-2020-3924 CRITICAL Act Now

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tat 77104G1 Firmware Tat 70432N Firmware Tat 71416G1 Firmware Tat 71832G1 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-3923 CRITICAL Act Now

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tat 77104G1 Firmware Tat 70432N Firmware Tat 71416G1 Firmware Tat 71832G1 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-9434 CRITICAL PATCH Act Now

openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-9433 CRITICAL PATCH Act Now

openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-9432 CRITICAL PATCH Act Now

openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-7043 CRITICAL PATCH Act Now

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy