Skip to main content
CVE-2020-11710 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in docker-kong (for Kong) through 2.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Information Disclosure Docker Kong
NVD GitHub
CVSS 3.1
9.8
EPSS
33.8%
CVE-2020-11705 CRITICAL POC Act Now

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Provide Ftp Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11707 HIGH POC This Week

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Provide Ftp Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-11706 HIGH POC This Week

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Provide Ftp Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-11701 HIGH POC This Week

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Provide Ftp Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-11725 HIGH POC This Week

snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-11713 HIGH POC PATCH This Week

wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-11709 HIGH POC This Week

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Cpp Httplib
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-11703 HIGH POC This Week

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Provide Ftp Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-11721 MEDIUM POC This Month

load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-11712 MEDIUM POC This Month

Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Open Upload
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-11704 MEDIUM POC This Month

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Provide Ftp Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11702 MEDIUM POC This Month

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Provide Ftp Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11722 CRITICAL PATCH Act Now

Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Dungeon Crawl Stone Soup
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-11708 CRITICAL Act Now

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Provide Ftp Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-11714 MEDIUM POC This Month

eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Psg 6528Vm Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-11724 HIGH PATCH This Week

An issue was discovered in OpenResty before 1.15.8.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Openresty Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy