Skip to main content
CVE-2020-5426 CRITICAL Act Now

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pivotal Scheduler
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-7768 CRITICAL PATCH Act Now

The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Grpc
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-17051 CRITICAL PATCH Act Now

Windows Network File System Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
9.8
EPSS
9.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy