|
200091
|
4.3 |
MEDIUM
Network
|
apple
|
apple_tv
|
This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app.
|
NVD-CWE-noinfo
|
CVE-2020-27940
|
2024-11-21 14:22 |
2021-09-9 |
|
200092
|
6.1 |
MEDIUM
Network
|
eyoucms
|
eyoucms
|
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28146
|
2024-11-21 14:22 |
2021-08-19 |
|
200093
|
7.8 |
HIGH
Local
|
prusa3d
|
prusaslicer
|
A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead …
|
CWE-416
Use After Free
|
CVE-2020-28594
|
2024-11-21 14:22 |
2021-08-18 |
|
200094
|
9.8 |
CRITICAL
Network
|
easycorp
|
zentao
|
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload an arbitrary webshell to the server by using the downloadZipPackage() function.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28165
|
2024-11-21 14:22 |
2021-08-12 |
|
200095
|
8.8 |
HIGH
Network
|
tinyobjloader_project
|
tinyobjloader
|
An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to cod…
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-28589
|
2024-11-21 14:22 |
2021-08-11 |
|
200096
|
5.3 |
MEDIUM
Network
|
siemens
|
cpu_1504d_tf_firmware cpu_1507d_tf_firmware cpu_1515sp_pc2_tf_firmware simatic_s7_plcsim_advanced_firmware simatic_s7-1500_software_controller tim_1531_irc_firmware cpu_1211c_firmwa…
|
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC…
|
CWE-863
Incorrect Authorization
|
CVE-2020-28397
|
2024-11-21 14:22 |
2021-08-10 |
|
200097
|
9.8 |
CRITICAL
Network
|
jeecg
|
jeecg_boot
|
An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28088
|
2024-11-21 14:22 |
2021-08-7 |
|
200098
|
7.5 |
HIGH
Network
|
jeecg
|
jeecg_boot
|
A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information.
|
CWE-89
SQL Injection
|
CVE-2020-28087
|
2024-11-21 14:22 |
2021-08-7 |
|
200099
|
7.5 |
HIGH
Network
|
siemens
|
dk_standard_ethernet_controller_evaluation_kit_firmware ek-ertec_200_evaulation_kit_firmware ek-ertec_200p_evaluation_kit_firmware ruggedcom_rm1224_firmware scalance_m-800_firmware sca…
|
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets ar…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-28400
|
2024-11-21 14:22 |
2021-07-13 |
|
200100
|
7.8 |
HIGH
Local
|
prusa3d
|
prusaslicer
|
An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28598
|
2024-11-21 14:22 |
2021-07-8 |