Skip to main content
CVE-2020-11975 CRITICAL POC PATCH THREAT Act Now

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Java Information Disclosure Unomi
NVD
CVSS 3.1
9.8
EPSS
29.9%
CVE-2020-10071 CRITICAL PATCH Act Now

The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-10070 CRITICAL PATCH Act Now

In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-10062 CRITICAL PATCH Act Now

An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-4450 CRITICAL PATCH Act Now

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization Websphere Application Server
NVD
CVSS 3.1
9.8
EPSS
33.9%
CVE-2020-4448 CRITICAL PATCH Act Now

IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE IBM Deserialization Websphere Application Server Websphere Virtual Enterprise
NVD
CVSS 3.1
9.8
EPSS
12.2%
CVE-2020-13841 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-13840 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-13839 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy