|
200211
|
5.4 |
MEDIUM
Network
|
dropouts
|
air_share
|
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36489
|
2024-11-21 14:29 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200212
|
6.5 |
MEDIUM
Network
|
sky_file_project
|
sky_file
|
An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands.
|
CWE-22
Path Traversal
|
CVE-2020-36488
|
2024-11-21 14:29 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200213
|
6.1 |
MEDIUM
Network
|
swiftfiletransfer
|
swift_file_transfer
|
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36486
|
2024-11-21 14:29 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200214
|
7.8 |
HIGH
Local
|
madeportable
|
playable
|
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary c…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-36485
|
2024-11-21 14:29 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200215
|
7.5 |
HIGH
Network
|
arm
debian
|
mbed_tls
debian_linux
|
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2020-36476
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200216
|
7.5 |
HIGH
Network
|
arm
siemens
debian
|
mbed_tls
logo\!_cmr2020_firmware
logo\!_cmr2040_firmware
simatic_rtu3031c_firmware
simatic_rtu3041c_firmware
simatic_rtu3030c_firmware
simatic_rtu3000c_firmware
debian_linux
|
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parame…
|
CWE-131
Incorrect Calculation of Buffer Size
|
CVE-2020-36475
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200217
|
7.5 |
HIGH
Network
|
arm
siemens
debian
|
mbed_tls
logo\!_cmr2020_firmware
logo\!_cmr2040_firmware
simatic_rtu3031c_firmware
simatic_rtu3041c_firmware
simatic_rtu3030c_firmware
simatic_rtu3000c_firmware
debian_linux
|
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certifi…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36478
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200218
|
5.9 |
MEDIUM
Network
|
arm
|
mbed_tls
|
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certifica…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36477
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200219
|
9.8 |
CRITICAL
Network
|
safecurl_project
|
safecurl
|
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.
|
NVD-CWE-Other
|
CVE-2020-36474
|
2024-11-21 14:29 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200220
|
3.7 |
LOW
Network
|
ucweb
|
ucweb_uc
|
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-36473
|
2024-11-21 14:29 |
2021-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
