|
198111
|
5.5 |
MEDIUM
Local
|
xcb_project
|
xcb
|
An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.
|
CWE-415 CWE-416
Double Free Use After Free
|
CVE-2020-36205
|
2024-11-21 14:29 |
2021-01-27 |
|
198112
|
4.7 |
MEDIUM
Local
|
im_project
|
im
|
An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.
|
NVD-CWE-noinfo
|
CVE-2020-36204
|
2024-11-21 14:29 |
2021-01-27 |
|
198113
|
4.7 |
MEDIUM
Local
|
reffers_project
|
reffers
|
An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.
|
CWE-362 CWE-787
Race Condition Out-of-bounds Write
|
CVE-2020-36203
|
2024-11-21 14:29 |
2021-01-27 |
|
198114
|
6.1 |
MEDIUM
Network
|
rust-lang
|
async-h1
|
An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36202
|
2024-11-21 14:29 |
2021-01-27 |
|
198115
|
6.5 |
MEDIUM
Network
|
kaspersky
|
tinycheck
|
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-36200
|
2024-11-21 14:29 |
2021-01-27 |
|
198116
|
9.8 |
CRITICAL
Network
|
kaspersky
|
tinycheck
|
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
|
CWE-20 CWE-78
Improper Input Validation OS Command
|
CVE-2020-36199
|
2024-11-21 14:29 |
2021-01-27 |
|
198117
|
7.5 |
HIGH
Network
|
xerox
|
workcentre_3655_firmware workcentre_3655i_firmware workcentre_5865_firmware workcentre_5875_firmware workcentre_5890_firmware workcentre_5865i_firmware workcentre_5875i_firmware …
|
An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 79…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-36201
|
2024-11-21 14:29 |
2021-01-27 |
|
198118
|
7.5 |
HIGH
Network
|
cskaza
|
cszcms
|
SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.
|
CWE-89
SQL Injection
|
CVE-2020-36136
|
2024-11-21 14:28 |
2023-08-11 |
|
198119
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_reader
|
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) vi…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-35990
|
2024-11-21 14:28 |
2023-08-11 |
|
198120
|
7.5 |
HIGH
Network
|
ffmpeg
|
ffmpeg
|
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-36138
|
2024-11-21 14:28 |
2023-08-11 |
|