Skip to main content
CVE-2020-24978 CRITICAL POC Act Now

In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netwide Assembler
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-24987 CRITICAL Act Now

Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda RCE Authentication Bypass Ac18 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-7730 CRITICAL PATCH Act Now

The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Bestzip
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-25023 CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure Noise Java
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-25022 CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure Noise Java
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-25021 CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure Noise Java
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-1911 CRITICAL PATCH Act Now

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Memory Corruption Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy