|
200951
|
7.5 |
HIGH
Network
|
epignosishq
|
efront
|
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. A…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2020-28597
|
2024-11-21 14:22 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200952
|
6.5 |
MEDIUM
Network
|
slic3r
fedoraproject
|
libslic3r
fedora
|
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-28591
|
2024-11-21 14:22 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200953
|
7.8 |
HIGH
Local
|
saltstack
fedoraproject
debian
|
salt
fedora
debian_linux
|
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any u…
|
CWE-77
Command Injection
|
CVE-2020-28243
|
2024-11-21 14:22 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200954
|
9.1 |
CRITICAL
Network
|
bestit
|
amazon_pay
|
best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.
|
CWE-200
Information Exposure
|
CVE-2020-28199
|
2024-11-21 14:22 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200955
|
7.8 |
HIGH
Local
|
openscad
fedoraproject
|
openscad
fedora
|
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attack…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28599
|
2024-11-21 14:22 |
2021-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200956
|
7.8 |
HIGH
Local
|
softmaker
|
planmaker_2021
|
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, whic…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28587
|
2024-11-21 14:22 |
2021-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200957
|
9.8 |
CRITICAL
Network
|
geojson2kml_project
|
geojson2kml
|
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})
|
CWE-78
OS Command
|
CVE-2020-28429
|
2024-11-21 14:22 |
2021-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200958
|
8.8 |
HIGH
Network
|
png-img_project
|
png-img
|
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading …
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-28248
|
2024-11-21 14:22 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200959
|
8.8 |
HIGH
Network
|
smartstore
|
smartstorenet
|
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin accoun…
|
CWE-352
Origin Validation Error
|
CVE-2020-27997
|
2024-11-21 14:22 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200960
|
9.8 |
CRITICAL
Network
|
merge_project
|
merge
|
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .
|
NVD-CWE-noinfo
|
CVE-2020-28499
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
