Skip to main content
CVE-2020-9548 CRITICAL POC PATCH THREAT Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager Debian Linux Agile Plm +21
NVD GitHub
CVSS 3.1
9.8
EPSS
18.3%
CVE-2020-9547 CRITICAL POC PATCH THREAT Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager Debian Linux Autovue For Agile Product Lifecycle Management +12
NVD GitHub
CVSS 3.1
9.8
EPSS
18.7%
CVE-2020-9535 HIGH POC This Week

fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link Dir 615Jx10 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-9534 HIGH POC This Week

fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link Dir 615Jx10 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-9549 HIGH POC This Week

In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bounds write via a crafted PDF document. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Pdfresurrect Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-8437 HIGH POC THREAT This Week

The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Utorrent
NVD
CVSS 3.1
7.5
EPSS
12.0%
CVE-2020-8500 HIGH POC This Week

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
3.5%
CVE-2020-6794 MEDIUM POC This Month

If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-9546 CRITICAL PATCH GHSA Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Active Iq Unified Manager Debian Linux +28
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-10018 CRITICAL Act Now

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple RCE Use After Free +6
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-1731 CRITICAL PATCH Act Now

A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Operator
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-8778 MEDIUM POC This Month

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alfresco
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.6%
CVE-2020-8777 MEDIUM POC This Month

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alfresco
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
3.2%
CVE-2020-8776 MEDIUM POC This Month

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alfresco
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.7%
CVE-2020-6801 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 72. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6800 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6799 HIGH PATCH This Week

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Microsoft Code Injection Firefox Firefox Esr
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-6796 HIGH This Week

A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Firefox Esr
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-4283 HIGH This Week

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Information Queue
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2020-9540 HIGH This Week

Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Hitmanpro Alert
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-9545 HIGH This Week

Pale Moon 28.x before 28.8.4 has a segmentation fault related to module scripting, as demonstrated by a Lacoste web site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Pale Moon
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5249 MEDIUM PATCH This Month

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

XSS Puma
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-5539 MEDIUM This Month

GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Grandit
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6795 MEDIUM This Month

When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mozilla Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-6793 MEDIUM This Month

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-6798 MEDIUM This Month

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-4292 MEDIUM This Month

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 uses a cross-domain policy file that includes domains that should not be trusted which could disclose sensitive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Information Queue
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-6797 MEDIUM This Month

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-6792 MEDIUM This Month

When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Ubuntu Linux
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-8013 LOW Monitor

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for. Rated low severity (CVSS 2.5). No vendor patch available.

Information Disclosure Linux Enterprise Server Leap
NVD
CVSS 3.1
2.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy