Skip to main content
CVE-2020-35920 MEDIUM POC PATCH This Month

An issue was discovered in the socket2 crate before 0.3.16 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Socket2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35919 MEDIUM POC PATCH This Month

An issue was discovered in the net2 crate before 0.2.36 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Net2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35918 MEDIUM POC PATCH This Month

An issue was discovered in the branca crate before 0.10.0 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Branca
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-35917 MEDIUM POC PATCH This Month

An issue was discovered in the pyo3 crate before 0.12.4 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Pyo3
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35916 MEDIUM POC PATCH This Month

An issue was discovered in the image crate before 0.23.12 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Image
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35915 MEDIUM POC PATCH This Month

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Futures Intrusive
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35907 MEDIUM POC PATCH This Month

An issue was discovered in the futures-task crate before 0.3.5 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Futures Task
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35904 MEDIUM POC PATCH This Month

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Crossbeam Channel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35903 MEDIUM POC PATCH This Month

An issue was discovered in the dync crate before 0.5.0 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dync
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35900 MEDIUM POC This Month

An issue was discovered in the array-queue crate through 2020-09-26 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Array Queue
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35899 MEDIUM POC PATCH This Month

An issue was discovered in the actix-service crate before 1.0.6 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Actix Service
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35930 MEDIUM POC This Month

Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Seo Panel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-25799 MEDIUM POC PATCH This Month

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Limesurvey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-25797 MEDIUM POC PATCH This Month

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Limesurvey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-35892 CRITICAL PATCH Act Now

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Simple Slab
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-35883 CRITICAL PATCH Act Now

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mozwire
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-35859 CRITICAL PATCH Act Now

An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Lucet Runtime Internals
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-35928 MEDIUM POC PATCH This Month

An issue was discovered in the concread crate before 0.2.6 for Rust. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Concread
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35905 MEDIUM POC PATCH This Month

An issue was discovered in the futures-util crate before 0.3.7 for Rust. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Future Utils
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-35889 HIGH This Week

An issue was discovered in the crayon crate through 2020-08-31 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Crayon
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-35871 HIGH PATCH This Week

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-35931 HIGH PATCH This Week

An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Apple Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2020-35743 HIGH This Week

HGiga MailSherlock contains a SQL injection flaw. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Msr45 Isherlock Antispam Msr45 Isherlock User Ssr45 Isherlock Antispam Ssr45 Isherlock User
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2020-35742 HIGH This Week

HGiga MailSherlock contains a vulnerability of SQL Injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Msr45 Isherlock Antispam Msr45 Isherlock User Ssr45 Isherlock Antispam Ssr45 Isherlock User
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2020-35896 HIGH This Week

An issue was discovered in the ws crate through 2020-09-25 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ws Rs
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-35894 HIGH PATCH This Week

An issue was discovered in the obstack crate before 0.1.4 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Obstack
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-35893 HIGH PATCH This Week

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simple Slab
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-35875 HIGH PATCH This Week

An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tokio Rustls
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-35865 HIGH PATCH This Week

An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Os Str Bytes
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-35909 HIGH PATCH This Week

An issue was discovered in the multihash crate before 0.11.3 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Multihash
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-25850 HIGH This Week

The function, view the source code, of HGiga MailSherlock does not validate specific characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Msr45 Isherlock User Ssr45 Isherlock User
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-25842 HIGH This Week

The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nhiservisignadapter
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-13654 HIGH PATCH This Week

XWiki Platform before 12.8 mishandles escaping in the property displayer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-25846 HIGH This Week

The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Nhiservisignadapter
NVD
CVSS 3.1
7.4
EPSS
1.0%
CVE-2020-25845 HIGH This Week

Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Nhiservisignadapter
NVD
CVSS 3.1
7.4
EPSS
1.0%
CVE-2020-35884 MEDIUM PATCH This Month

An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Tiny Http Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-26291 MEDIUM PATCH This Month

URI.js is a javascript URL mutation library (npm package urijs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Node.js SSRF Uri Js
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-35741 MEDIUM This Month

HGiga MailSherlock does not validate user parameters on multiple login pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Msr45 Isherlock Antispam Msr45 Isherlock User Ssr45 Isherlock Antispam Ssr45 Isherlock User
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-35740 MEDIUM This Month

HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Msr45 Isherlock Antispam Msr45 Isherlock User Ssr45 Isherlock Antispam Ssr45 Isherlock User
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-35927 MEDIUM This Month

An issue was discovered in the thex crate through 2020-12-08 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Thex
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-35910 MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Lock Api
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-35908 MEDIUM PATCH This Month

An issue was discovered in the futures-util crate before 0.3.2 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Future Utils
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-35897 MEDIUM PATCH This Month

An issue was discovered in the atom crate before 0.3.6 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Atom
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35886 MEDIUM This Month

An issue was discovered in the arr crate through 2020-08-25 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Arr
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35914 MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35913 MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35912 MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35911 MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-11947 LOW PATCH Monitor

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu
NVD
CVSS 3.1
3.8
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy