Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2020
CVE-2020-25790
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2
CVSS Score
7.2
EPSS Score
0.41
Published
2020-09-19
CVE-2020-25791
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-19
CVE-2020-25792
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-19
CVE-2020-25793
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-19
CVE-2020-25794
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-19
CVE-2020-25795
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-19
CVE-2020-25796
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-19
CVE-2020-25787
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
CVSS Score
9.8
EPSS Score
0.138
Published
2020-09-19
CVE-2020-25788
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.
CVSS Score
8.1
EPSS Score
0.005
Published
2020-09-19
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
CVSS Score
6.1
EPSS Score
0.005
Published
2020-09-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved