Skip to main content
CVE-2020-8461 HIGH POC This Week

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-35491 HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind Service Level Manager Debian Linux +23
NVD GitHub
CVSS 3.1
8.1
EPSS
9.5%
CVE-2020-35490 HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind Service Level Manager Debian Linux +22
NVD GitHub
CVSS 3.1
8.1
EPSS
7.7%
CVE-2020-8464 HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2020-8463 HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
5.9%
CVE-2020-27199 HIGH POC This Week

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Magic Home Pro
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-25096 HIGH This Week

LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Platform Manager
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-25095 HIGH This Week

LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Platform Manager
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-29652 HIGH PATCH This Week

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service SSH
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-15294 HIGH This Week

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Hypervisor Introspection
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy