|
209701
|
7.5 |
HIGH
Network
|
laravel
|
laravel
|
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions.
|
CWE-863
Incorrect Authorization
|
CVE-2020-24941
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209702
|
7.5 |
HIGH
Network
|
laravel
|
laravel
|
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.
|
CWE-20
Improper Input Validation
|
CVE-2020-24940
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209703
|
9.8 |
CRITICAL
Network
|
nasm
|
netwide_assembler
|
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
|
CWE-415
Double Free
|
CVE-2020-24978
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209704
|
7.8 |
HIGH
Local
|
xpdfreader
|
xpdf
|
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24999
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209705
|
7.8 |
HIGH
Local
|
xpdfreader
|
xpdf
|
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binar…
|
CWE-665
Improper Initialization
|
CVE-2020-24996
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209706
|
9.8 |
CRITICAL
Network
|
heybbs_project
|
heybbs
|
Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-25006
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209707
|
9.8 |
CRITICAL
Network
|
heybbs_project
|
heybbs
|
Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-25005
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209708
|
9.8 |
CRITICAL
Network
|
heybbs_project
|
heybbs
|
Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-25004
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209709
|
6.5 |
MEDIUM
Network
|
xmlsoft
debian
fedoraproject
opensuse
netapp
oracle
|
libxml2
debian_linux
fedora
leap
snapdrive
clustered_data_ontap
clustered_data_ontap_antivirus_connector
active_iq_unified_manager
manageability_software_development_kit
in…
|
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-24977
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209710
|
9.8 |
CRITICAL
Network
|
pancakeapp
|
pancake
|
Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-24876
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
