The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Ignition
NVD
GitHub
CVSS 3.1
9.8
EPSS
1.5%
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Buffer Overflow
Information Disclosure
Barebox
NVD
CVSS 3.1
9.1
EPSS
1.2%