CVE-2020-5529

HIGH Year: 2020
CVSS v3 Score
8.1
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-665
View all →

Vulnerability Description

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.

Related Vulnerabilities

CVE-2016-9594

HIGH
CVSS:8.1(High)

curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes th...

CWE-6652016

CVE-2020-12301

HIGH
CVSS:8.2(High)

Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-6652020

CVE-2023-32467

HIGH
CVSS:8.2(High)

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability le...

CWE-6652023

CVE-2007-3749

HIGH
CVSS:7.8(High)

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary co...

CWE-6652007

CVE-2014-9942

HIGH
CVSS:7.8(High)

In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.

CWE-6652014

CVE-2017-0723

HIGH
CVSS:7.8(High)

A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755.

CWE-6652017