Skip to main content
CVE-2020-7457 HIGH POC PATCH THREAT Act Now

In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition RCE Freebsd
NVD
CVSS 3.1
8.1
EPSS
33.0%
CVE-2020-7692 CRITICAL POC PATCH Act Now

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Oauth Client Library For Java
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-13994 HIGH POC This Week

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Mods For Hesk
NVD
CVSS 3.1
8.8
EPSS
7.4%
CVE-2020-12426 HIGH POC This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 77. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-12420 HIGH POC This Week

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Race Condition Mozilla Firefox Firefox Esr +3
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-12417 HIGH POC This Week

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Firefox Firefox Esr Thunderbird +2
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-12416 HIGH POC This Week

A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Race Condition Mozilla Firefox Leap
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-9377 HIGH POC KEV THREAT This Week

D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link PHP Dir 610 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
21.3%
CVE-2020-13993 HIGH POC This Week

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mods For Hesk
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-9376 HIGH POC THREAT This Week

D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link PHP Dir 610 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
16.6%
CVE-2020-15299 MEDIUM POC THREAT This Month

A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Kingcomposer
NVD
CVSS 3.1
6.1
EPSS
47.0%
CVE-2020-13992 MEDIUM POC This Month

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mods For Hesk
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-7458 CRITICAL PATCH Act Now

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Freebsd
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-15001 MEDIUM POC This Month

An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Yubikey 5 Nfc Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-12405 MEDIUM POC This Month

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Mozilla Firefox Firefox Esr +2
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-7693 MEDIUM POC PATCH This Month

Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Sockjs
NVD GitHub
CVSS 3.1
5.3
EPSS
5.0%
CVE-2020-4305 HIGH This Week

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE IBM Deserialization Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-12422 HIGH This Week

In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Leap
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-12419 HIGH This Week

When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Mozilla Memory Corruption Firefox +4
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-12411 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 76. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-12410 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-12409 HIGH This Week

When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-12406 HIGH This Week

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-15093 HIGH PATCH This Week

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Tough
NVD GitHub
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-13132 MEDIUM POC This Month

An issue was discovered in Yubico libykpiv before 2.1.0. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libykpiv Piv Tool Manager Yubikey Smart Card Minidriver
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2020-13131 MEDIUM POC This Month

An issue was discovered in Yubico libykpiv before 2.1.0. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libykpiv Piv Tool Manager Yubikey Smart Card Minidriver
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-5604 HIGH This Week

Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Java RCE Mercari
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2020-12423 HIGH This Week

When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Mozilla Microsoft Firefox
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12398 HIGH This Week

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-14171 MEDIUM This Month

Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Information Disclosure Bitbucket
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-10756 MEDIUM PATCH This Month

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Libslirp Openstack Enterprise Linux +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-12425 MEDIUM This Month

Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-12421 MEDIUM This Month

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-12418 MEDIUM This Month

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Firefox Firefox Esr +3
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2020-12415 MEDIUM This Month

When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Leap
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-12414 MEDIUM This Month

IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Apple Firefox
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-12408 MEDIUM This Month

When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-12407 MEDIUM This Month

Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-5366 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Idrac9 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-12424 MEDIUM This Month

When constructing a permission prompt for WebRTC, a URI was supplied from the content process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Leap
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-15000 MEDIUM This Month

A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Yubikey 5 Nfc Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-15526 MEDIUM This Month

In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration >. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure VMware Sql Monitor
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-15092 MEDIUM PATCH This Month

In TimelineJS before version 3.7.0, some user data renders as HTML. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google WordPress Timelinejs
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-12402 MEDIUM This Month

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. Rated medium severity (CVSS 4.4). No vendor patch available.

Mozilla Information Disclosure Firefox Fedora Leap +1
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-12399 MEDIUM This Month

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. Rated medium severity (CVSS 4.4). No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
4.4
EPSS
0.7%
CVE-2020-4173 MEDIUM This Month

IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Insights Infosphere Guardium Activity Monitor
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-14170 MEDIUM This Month

Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian SSRF Bitbucket
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12412 MEDIUM This Month

By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12404 MEDIUM This Month

For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Apple Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy