Skip to main content
CVE-2020-25462 CRITICAL POC Act Now

Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-27766 HIGH POC This Week

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-25465 HIGH POC This Week

Null Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Moddable
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-25464 HIGH POC This Week

Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-25463 HIGH POC This Week

Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Moddable
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-25461 HIGH POC This Week

Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Moddable
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-27408 HIGH POC This Week

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Opensis
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-27348 MEDIUM POC PATCH This Month

In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Snapcraft Ubuntu Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
0.7%
CVE-2020-29565 MEDIUM POC PATCH This Month

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Horizon Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-27770 MEDIUM POC This Month

Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-28916 MEDIUM POC PATCH This Month

hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-25449 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cabot
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-29562 MEDIUM POC This Month

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Glibc Fedora E Series Santricity Os Controller
NVD
CVSS 3.1
4.8
EPSS
1.5%
CVE-2020-16123 MEDIUM POC PATCH This Month

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Ubuntu Information Disclosure Ubuntu Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-28950 HIGH This Week

The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Anti Ransomware Tool
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-5675 HIGH This Week

Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Gt2107 Wtbd Firmware Gt2107 Wtsd Firmware Gt2104 Rtbd Firmware +7
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-27773 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/gem-private.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.0%
CVE-2020-27772 LOW POC Monitor

A flaw was found in ImageMagick in coders/bmp.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27776 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2020-27775 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27774 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27771 LOW POC Monitor

In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Integer Overflow Imagemagick Enterprise Linux +1
NVD
CVSS 3.1
3.3
EPSS
1.2%
CVE-2020-27767 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27765 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/segment.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.0%
CVE-2020-27409 MEDIUM PATCH This Month

OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-29561 MEDIUM This Month

An issue was discovered in SonicBOOM riscv-boom 3.0.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Risvc Boom
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy