Skip to main content
CVE-2020-14931 CRITICAL POC Act Now

A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Dmitry
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-8165 CRITICAL POC PATCH THREAT Act Now

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Rails Debian Linux Leap
NVD
CVSS 3.1
9.8
EPSS
45.7%
CVE-2020-7679 CRITICAL POC Act Now

In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Casperjs
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy