|
209121
|
5.3 |
MEDIUM
Network
|
ucms_project
|
ucms
|
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS.
|
NVD-CWE-noinfo
|
CVE-2020-24981
|
2024-11-21 14:16 |
2020-09-5 |
|
209122
|
5.4 |
MEDIUM
Network
|
appsbd
|
best_support_system
|
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24963
|
2024-11-21 14:16 |
2020-09-5 |
|
209123
|
9.8 |
CRITICAL
Network
|
noise-java_project
|
noise-java
|
An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access.
|
CWE-125 CWE-787
Out-of-bounds Read Out-of-bounds Write
|
CVE-2020-25023
|
2024-11-21 14:16 |
2020-09-4 |
|
209124
|
9.8 |
CRITICAL
Network
|
noise-java_project
|
noise-java
|
An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access.
|
CWE-125 CWE-787
Out-of-bounds Read Out-of-bounds Write
|
CVE-2020-25022
|
2024-11-21 14:16 |
2020-09-4 |
|
209125
|
9.8 |
CRITICAL
Network
|
noise-java_project
|
noise-java
|
An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access.
|
CWE-125 CWE-787
Out-of-bounds Read Out-of-bounds Write
|
CVE-2020-25021
|
2024-11-21 14:16 |
2020-09-4 |
|
209126
|
7.5 |
HIGH
Network
|
laravel
|
laravel
|
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions.
|
CWE-863
Incorrect Authorization
|
CVE-2020-24941
|
2024-11-21 14:16 |
2020-09-4 |
|
209127
|
7.5 |
HIGH
Network
|
laravel
|
laravel
|
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.
|
CWE-20
Improper Input Validation
|
CVE-2020-24940
|
2024-11-21 14:16 |
2020-09-4 |
|
209128
|
9.8 |
CRITICAL
Network
|
nasm
|
netwide_assembler
|
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
|
CWE-415
Double Free
|
CVE-2020-24978
|
2024-11-21 14:16 |
2020-09-4 |
|
209129
|
7.8 |
HIGH
Local
|
xpdfreader
|
xpdf
|
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24999
|
2024-11-21 14:16 |
2020-09-4 |
|
209130
|
7.8 |
HIGH
Local
|
xpdfreader
|
xpdf
|
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binar…
|
CWE-665
Improper Initialization
|
CVE-2020-24996
|
2024-11-21 14:16 |
2020-09-4 |
|