|
199811
|
9.1 |
CRITICAL
Network
|
zohocorp
|
manageengine_desktop_central
|
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.
|
CWE-287
Improper Authentication
|
CVE-2020-28050
|
2024-11-21 14:22 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199812
|
9.8 |
CRITICAL
Network
|
cgal
fedoraproject
debian
|
computational_geometry_algorithms_library
fedora
debian_linux
|
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of…
|
-
|
CVE-2020-28601
|
2024-11-21 14:22 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199813
|
7.5 |
HIGH
Network
|
epignosishq
|
efront
|
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. A…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2020-28597
|
2024-11-21 14:22 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199814
|
6.5 |
MEDIUM
Network
|
slic3r
fedoraproject
|
libslic3r
fedora
|
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-28591
|
2024-11-21 14:22 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199815
|
7.8 |
HIGH
Local
|
saltstack
fedoraproject
debian
|
salt
fedora
debian_linux
|
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any u…
|
CWE-77
Command Injection
|
CVE-2020-28243
|
2024-11-21 14:22 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199816
|
9.1 |
CRITICAL
Network
|
bestit
|
amazon_pay
|
best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.
|
CWE-200
Information Exposure
|
CVE-2020-28199
|
2024-11-21 14:22 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199817
|
7.8 |
HIGH
Local
|
openscad
fedoraproject
|
openscad
fedora
|
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attack…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28599
|
2024-11-21 14:22 |
2021-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199818
|
7.8 |
HIGH
Local
|
softmaker
|
planmaker_2021
|
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, whic…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28587
|
2024-11-21 14:22 |
2021-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199819
|
9.8 |
CRITICAL
Network
|
geojson2kml_project
|
geojson2kml
|
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})
|
CWE-78
OS Command
|
CVE-2020-28429
|
2024-11-21 14:22 |
2021-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199820
|
8.8 |
HIGH
Network
|
png-img_project
|
png-img
|
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading …
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-28248
|
2024-11-21 14:22 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
