Skip to main content
CVE-2020-13440 MEDIUM POC This Month

ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-13439 MEDIUM POC This Month

ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-13438 MEDIUM POC This Month

ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-13433 CRITICAL PATCH Act Now

Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Adminpanel
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-13435 MEDIUM POC This Month

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sqlite Fedora
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-13434 MEDIUM POC PATCH This Month

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Sqlite Debian Linux Fedora +12
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-13430 MEDIUM PATCH This Month

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Grafana
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-13429 MEDIUM This Month

legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Grafana Piechart Panel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy