|
197551
|
7.8 |
HIGH
Local
|
madeportable
|
playable
|
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary c…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-36485
|
2024-11-21 14:29 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197552
|
7.5 |
HIGH
Network
|
arm
debian
|
mbed_tls
debian_linux
|
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2020-36476
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197553
|
7.5 |
HIGH
Network
|
arm
siemens
debian
|
mbed_tls
logo\!_cmr2020_firmware
logo\!_cmr2040_firmware
simatic_rtu3031c_firmware
simatic_rtu3041c_firmware
simatic_rtu3030c_firmware
simatic_rtu3000c_firmware
debian_linux
|
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parame…
|
CWE-131
Incorrect Calculation of Buffer Size
|
CVE-2020-36475
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197554
|
7.5 |
HIGH
Network
|
arm
siemens
debian
|
mbed_tls
logo\!_cmr2020_firmware
logo\!_cmr2040_firmware
simatic_rtu3031c_firmware
simatic_rtu3041c_firmware
simatic_rtu3030c_firmware
simatic_rtu3000c_firmware
debian_linux
|
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certifi…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36478
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197555
|
5.9 |
MEDIUM
Network
|
arm
|
mbed_tls
|
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certifica…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36477
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197556
|
9.8 |
CRITICAL
Network
|
safecurl_project
|
safecurl
|
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.
|
NVD-CWE-Other
|
CVE-2020-36474
|
2024-11-21 14:29 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197557
|
3.7 |
LOW
Network
|
ucweb
|
ucweb_uc
|
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-36473
|
2024-11-21 14:29 |
2021-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197558
|
9.8 |
CRITICAL
Network
|
amazon
|
amazon_cloudfront
|
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-36363
|
2024-11-21 14:29 |
2021-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197559
|
5.9 |
MEDIUM
Network
|
max7301_project
|
max7301
|
An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander<EI> types that they contain.
|
NVD-CWE-noinfo
|
CVE-2020-36472
|
2024-11-21 14:29 |
2021-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197560
|
5.9 |
MEDIUM
Network
|
generator_project
|
generator
|
An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds.
|
NVD-CWE-noinfo
|
CVE-2020-36471
|
2024-11-21 14:29 |
2021-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
