Skip to main content
CVE-2020-7692 CRITICAL POC PATCH Act Now

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Oauth Client Library For Java
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-7458 CRITICAL PATCH Act Now

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Freebsd
NVD
CVSS 3.1
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy