Unknown · CVSS Not scored
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.
Published Aug 11, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
Published Aug 21, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function.
Published Aug 22, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.
Published Aug 16, 2023 · Updated Jul 9, 2026
Medium · CVSS 4.3
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
Published Aug 5, 2022 · Updated Jun 23, 2026
Medium · CVSS 5.5
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.
Exploitation of the vulnerability requires that a program process a specially crafted image file.
The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
Published Aug 17, 2020 · Updated May 29, 2026
High · CVSS 7.8 · CISA KEV
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .
Published Aug 19, 2020 · Updated Apr 13, 2026
High · CVSS 7.8
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
Published Aug 19, 2020 · Updated Dec 3, 2025
High · CVSS 7.1
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
Published Aug 19, 2022 · Updated Nov 20, 2025
Unknown · CVSS Not scored
jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
Published Aug 29, 2020 · Updated Nov 17, 2025
Unknown · CVSS Not scored
NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host.
Published Aug 21, 2020 · Updated Nov 4, 2025
Unknown · CVSS Not scored
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive.
Published Aug 21, 2020 · Updated Nov 4, 2025
Unknown · CVSS Not scored
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.
Published Aug 21, 2020 · Updated Nov 4, 2025
Unknown · CVSS Not scored
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery.
Published Aug 21, 2020 · Updated Nov 4, 2025
Unknown · CVSS Not scored
The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows.
Published Aug 21, 2020 · Updated Nov 4, 2025
Unknown · CVSS Not scored
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.
Published Aug 11, 2023 · Updated Nov 3, 2025
Unknown · CVSS Not scored
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.
Published Aug 11, 2023 · Updated Nov 3, 2025
High · CVSS 7
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.
Published Aug 6, 2020 · Updated Nov 3, 2025
Unknown · CVSS Not scored
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.
Published Aug 17, 2020 · Updated Nov 3, 2025
Unknown · CVSS Not scored
A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.
Published Aug 22, 2023 · Updated Nov 3, 2025
Critical · CVSS 9.8 · CISA KEV
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
Published Aug 12, 2020 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
Published Aug 13, 2020 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.
Published Aug 17, 2020 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
Published Aug 17, 2020 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.
In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.
The update addresses the vulnerability by correcting how Windows validates file signatures.
Published Aug 17, 2020 · Updated Oct 21, 2025
Medium · CVSS 5.5 · CISA KEV
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).
When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
Published Aug 17, 2020 · Updated Oct 21, 2025
High · CVSS 8.6 · CISA KEV
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.
Published Aug 29, 2020 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.
Published Aug 31, 2020 · Updated Oct 21, 2025
Critical · CVSS 10
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.
Published Aug 12, 2020 · Updated Aug 22, 2025
High · CVSS 8.8
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.
Published Aug 8, 2025 · Updated Aug 8, 2025
Medium · CVSS 5.8
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device.
The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
Published Aug 4, 2023 · Updated Jul 9, 2025
Medium · CVSS 5.4
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
Published Aug 23, 2022 · Updated Jun 30, 2025
Medium · CVSS 5.3
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.
Published Aug 21, 2020 · Updated Jun 4, 2025
Medium · CVSS 4.9
When an actor claims to have a given identity,
Philips SureSigns VS4, A.07.107 and prior
does not prove or insufficiently proves the claim is correct.
Published Aug 21, 2020 · Updated Jun 4, 2025
Medium · CVSS 6.3
Philips SureSigns VS4, A.07.107 and prior
does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Published Aug 21, 2020 · Updated Jun 4, 2025
Low · CVSS 2.1
Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
Published Aug 21, 2020 · Updated Jun 4, 2025
Medium · CVSS 6.5
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.
Published Aug 25, 2020 · Updated May 8, 2025
High · CVSS 7.5
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.
Published Aug 25, 2020 · Updated May 8, 2025
High · CVSS 7.2
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.
Published Aug 25, 2020 · Updated May 8, 2025
Critical · CVSS 9.8
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
Published Aug 29, 2020 · Updated May 5, 2025
High · CVSS 7.8
Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
Published Aug 22, 2023 · Updated May 5, 2025
Medium · CVSS 6.5
Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.
Published Aug 22, 2023 · Updated May 5, 2025
Low · CVSS 3.3
Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
Published Aug 22, 2023 · Updated May 2, 2025
Critical · CVSS 10
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
Published Aug 30, 2021 · Updated Apr 23, 2025
Critical · CVSS 10
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
Published Aug 30, 2021 · Updated Apr 23, 2025
Critical · CVSS 10
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
Published Aug 30, 2021 · Updated Apr 23, 2025
Unknown · CVSS Not scored
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published Aug 13, 2020 · Updated Mar 24, 2025
Unknown · CVSS Not scored
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published Aug 13, 2020 · Updated Mar 24, 2025
Unknown · CVSS Not scored
An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.
Published Aug 4, 2021 · Updated Mar 5, 2025
Unknown · CVSS Not scored
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published Aug 13, 2020 · Updated Mar 4, 2025