Skip to main content
CVE-2020-10250 CRITICAL POC Act Now

BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Direx Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-10233 CRITICAL POC Act Now

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure The Sleuth Kit
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2020-10232 CRITICAL PATCH Act Now

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption The Sleuth Kit Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-9758 CRITICAL Act Now

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation PHP Livezilla
NVD GitHub
CVSS 3.1
9.6
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy