|
200641
|
7.5 |
HIGH
Network
|
opensmtpd
fedoraproject
|
opensmtpd
fedora
|
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-35679
|
2024-11-21 14:27 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200642
|
6.1 |
MEDIUM
Network
|
pi-hole
|
pi-hole
|
The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to exe…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35659
|
2024-11-21 14:27 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200643
|
6.1 |
MEDIUM
Network
|
dart
|
http
|
An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP…
|
CWE-74
Injection
|
CVE-2020-35669
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200644
|
4.8 |
MEDIUM
Network
|
bigprof
|
online_invoicing_system
|
BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. …
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2020-35677
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200645
|
6.1 |
MEDIUM
Network
|
bigprof
|
online_invoicing_system
|
BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35676
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200646
|
7.5 |
HIGH
Network
|
redislabs
|
redisgraph
|
RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-35668
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200647
|
8.8 |
HIGH
Network
|
steedos
|
steedos
|
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoD…
|
CWE-89
SQL Injection
|
CVE-2020-35666
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200648
|
9.8 |
CRITICAL
Network
|
terra-master
|
terramaster_operating_system
|
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
|
CWE-78
OS Command
|
CVE-2020-35665
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200649
|
7.5 |
HIGH
Network
|
advanced_comment_system_project
|
advanced_comment_system
|
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
|
CWE-22
Path Traversal
|
CVE-2020-35598
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200650
|
8.8 |
HIGH
Network
|
raysync
|
raysync
|
A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can…
|
CWE-22
Path Traversal
|
CVE-2020-35370
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
