Security Vulnerabilities - CVEs Published In May 2020
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-05-25
A remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via the dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.
CVSS Score: 9.8 | EPSS Score: 0.026 | Published: 2020-05-25
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
CVSS Score: 9.8 | EPSS Score: 0.033 | Published: 2020-05-25
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2020-05-24
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2020-05-24
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2020-05-24
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2020-05-24
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2020-05-24
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2020-05-24
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-05-24


Shodan ® - All rights reserved