Skip to main content
CVE-2020-7226 HIGH POC PATCH This Week

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Cryptacular Communications Services Gatekeeper Webcenter Sites +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-5224 HIGH PATCH This Week

In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

XSS Python Authentication Bypass Django User Sessions
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-5219 HIGH PATCH This Week

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Angular Expressions
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-6964 HIGH This Week

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apexpro Telemetry Server Firmware Carescape Central Station Mai700 Firmware Carescape Central Station Mas700 Firmware Clinical Information Center Mp100D Firmware +2
NVD
CVSS 3.1
8.6
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy