|
210811
|
9.8 |
CRITICAL
Network
|
articlecms_project
|
articlecms
|
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-20092
|
2024-11-21 14:11 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210812
|
6.5 |
MEDIUM
Network
|
mikrotik
|
routeros
|
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to inv…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-20267
|
2024-11-21 14:11 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210813
|
6.5 |
MEDIUM
Network
|
mikrotik
|
routeros
|
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-20265
|
2024-11-21 14:11 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210814
|
6.5 |
MEDIUM
Network
|
mikrotik
|
routeros
|
Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due vi…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-20247
|
2024-11-21 14:11 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210815
|
6.5 |
MEDIUM
Network
|
mikrotik
|
routeros
|
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via th…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-20218
|
2024-11-21 14:11 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210816
|
6.1 |
MEDIUM
Network
|
dogtagpki
|
dogtagpki
|
A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-sit…
|
-
|
CVE-2020-1721
|
2024-11-21 14:11 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210817
|
9.8 |
CRITICAL
Network
|
apache
debian
fedoraproject
|
spamassassin
debian_linux
fedora
|
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of…
|
CWE-78
OS Command
|
CVE-2020-1946
|
2024-11-21 14:11 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210818
|
5.9 |
MEDIUM
Network
|
apache
|
hive
|
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-1926
|
2024-11-21 14:11 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210819
|
9.8 |
CRITICAL
Network
|
facebook
|
hhvm
|
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalid…
|
CWE-416
Use After Free
|
CVE-2020-1900
|
2024-11-21 14:11 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210820
|
7.5 |
HIGH
Network
|
facebook
|
hhvm
|
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were sta…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-1899
|
2024-11-21 14:11 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
