|
210441
|
9.8 |
CRITICAL
Network
|
xmlquery_project
|
xmlquery
|
xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have u…
|
CWE-119
CWE-20
Incorrect Access of Indexable Resource ('Range Error')
Improper Input Validation
|
CVE-2020-25614
|
2024-11-21 14:18 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210442
|
7.8 |
HIGH
Local
|
gnuplot_project
|
gnuplot
|
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.
|
CWE-415
Double Free
|
CVE-2020-25559
|
2024-11-21 14:18 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210443
|
9.8 |
CRITICAL
Network
|
rand_project
|
rand
|
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2020-25576
|
2024-11-21 14:18 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210444
|
9.8 |
CRITICAL
Network
|
failure_project
|
failure
|
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerab…
|
CWE-843
Type Confusion
|
CVE-2020-25575
|
2024-11-21 14:18 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210445
|
7.5 |
HIGH
Network
|
hyper
|
http
|
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).
|
CWE-190
CWE-835
Integer Overflow or Wraparound
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-25574
|
2024-11-21 14:18 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210446
|
9.8 |
CRITICAL
Network
|
linked-hash-map_project
|
linked-hash-map
|
An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint.
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-25573
|
2024-11-21 14:18 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210447
|
7.5 |
HIGH
Network
|
thinkadmin
|
thinkadmin
|
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
|
CWE-22
Path Traversal
|
CVE-2020-25540
|
2024-11-21 14:18 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210448
|
7.5 |
HIGH
Network
|
webank
|
federated_ai_technology_enabler
|
An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-25459
|
2024-11-21 14:17 |
2022-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210449
|
6.5 |
MEDIUM
Network
|
osisoft
|
pi_vision
|
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.
|
-
|
CVE-2020-25167
|
2024-11-21 14:17 |
2022-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210450
|
7.3 |
HIGH
Network
|
osisoft
|
pi_vision
|
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, …
|
-
|
CVE-2020-25163
|
2024-11-21 14:17 |
2022-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
