Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-08 | CVE-2020-13428 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. | 7.8 |
| 2020-06-08 | CVE-2020-5304 | Improper Encoding or Escaping of Output vulnerability in Whitesourcesoftware Whitesource The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. | 7.5 |
| 2020-06-08 | CVE-2020-13625 | Improper Encoding or Escaping of Output vulnerability in multiple products PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. | 7.5 |
| 2020-06-08 | CVE-2020-12800 | Unrestricted Upload of File with Dangerous Type vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. | 7.5 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
| 2020-06-08 | CVE-2020-13866 | Incorrect Default Permissions vulnerability in Qbik Wingate 9.4.1.5998 WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | 7.2 |
| 2020-06-08 | CVE-2020-9099 | Improper Authentication vulnerability in Huawei products Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. | 7.5 |
| 2020-06-08 | CVE-2020-6109 | Path Traversal vulnerability in Zoom 4.6.10 An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. | 7.5 |
| 2020-06-07 | CVE-2020-13909 | Unspecified vulnerability in Facade Ignition The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. | 7.5 |
| 2020-06-06 | CVE-2020-13871 | Use After Free vulnerability in multiple products SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | 7.5 |