How severe is CVE-2020-15225?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-15225?

This is classified as CWE-681, which is a common weakness in software security.

CVE-2020-15225

MEDIUM Year: 2020

CVSS v3 Score

6.5

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-681

View all →

Vulnerability Description

django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a `MaxValueValidator` with a a default `limit_value` of 1e50 to the form field used by `NumberFilter` instances. In addition, `NumberFilter` implements the new `get_max_validator()` which should return a configured validator instance to customise the limit, or else `None` to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade.

CVE-2017-17446

MEDIUM

CVSS:6.5(Medium)

The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denia...

CWE-6812017

CVE-2018-5251

MEDIUM

CVSS:6.5(Medium)

In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause...

CWE-6812018

CVE-2019-19958

MEDIUM

CVSS:6.5(Medium)

In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.

CWE-6812019

CVE-2021-0964

MEDIUM

CVSS:6.5(Medium)

In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privil...

CWE-6812021

CVE-2024-7747

MEDIUM

CVSS:6.5(Medium)

The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when tran...

CWE-6812024

CVE-2019-14842

HIGH

CVSS:7.3(High)

Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the ...

CWE-6812019

CVE-2020-15225

Vulnerability Description

Related Vulnerabilities

CVE-2017-17446

CVE-2018-5251

CVE-2019-19958

CVE-2021-0964

CVE-2024-7747

CVE-2019-14842