Skip to main content
CVE-2020-5786 HIGH POC This Week

Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Trb245 Firmware
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2020-25017 HIGH POC This Week

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
1.3%
CVE-2020-15678 HIGH This Week

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +4
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-15675 HIGH This Week

When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-15674 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 80. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-15673 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Memory Corruption RCE Use After Free +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-15670 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox for Android 79. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Race Condition RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-15669 HIGH This Week

When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption RCE Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-15667 HIGH This Week

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-15663 HIGH This Week

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mozilla Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-24620 HIGH This Week

Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Stealth
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-9491 HIGH PATCH This Week

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Nifi
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-9487 HIGH PATCH This Week

In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Nifi
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-9486 HIGH PATCH This Week

In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Nifi
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-11979 HIGH PATCH This Week

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Ant Gradle Fedora +34
NVD GitHub
CVSS 3.1
7.5
EPSS
8.2%
CVE-2020-25018 HIGH This Week

Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-4576 HIGH This Week

IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-8109 HIGH This Week

A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Engines
NVD
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy