Skip to main content
CVE-2020-35579 HIGH POC This Week

tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Subconverter
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-35573 HIGH PATCH This Week

srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Postsrsd Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy