Skip to main content
CVE-2020-1897 CRITICAL Act Now

A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence.05.18.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Proxygen
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-12856 CRITICAL Act Now

OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Abtracetogether Covidsafe +1
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-12258 CRITICAL Act Now

rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Rconfig
NVD GitHub
CVSS 3.1
9.1
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy