Skip to main content
CVE-2020-28442 CRITICAL POC PATCH Act Now

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Js Data
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-35467 CRITICAL Act Now

The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Docs
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35466 CRITICAL Act Now

The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Blackfire Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35464 CRITICAL Act Now

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Cloud Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35463 CRITICAL Act Now

Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Dynamic Apm
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35462 CRITICAL Act Now

Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Coscale Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-27068 CRITICAL PATCH Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-4747 CRITICAL Act Now

IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Connect
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-29663 CRITICAL PATCH Act Now

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Icinga
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy