Skip to main content
CVE-2020-6819 HIGH POC KEV THREAT This Week

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
3.0%
CVE-2020-12128 HIGH POC This Week

DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Transfer Ifamily
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-6822 HIGH This Week

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-6820 HIGH KEV THREAT This Week

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
6.3%
CVE-2020-5870 HIGH This Week

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Iq Centralized Management
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-12070 HIGH This Week

The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure Advanced Woo Search
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-11004 HIGH PATCH This Week

SQL Injection was discovered in Admidio before version 3.3.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Admidio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-6828 HIGH This Week

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Mozilla Path Traversal Firefox Esr
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-6821 HIGH This Week

When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy