|
199041
|
6.5 |
MEDIUM
Network
|
sky_file_project
|
sky_file
|
An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands.
|
CWE-22
Path Traversal
|
CVE-2020-36488
|
2024-11-21 14:29 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199042
|
6.1 |
MEDIUM
Network
|
swiftfiletransfer
|
swift_file_transfer
|
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36486
|
2024-11-21 14:29 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199043
|
7.8 |
HIGH
Local
|
madeportable
|
playable
|
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary c…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-36485
|
2024-11-21 14:29 |
2021-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199044
|
7.5 |
HIGH
Network
|
arm
debian
|
mbed_tls
debian_linux
|
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2020-36476
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199045
|
7.5 |
HIGH
Network
|
arm
siemens
debian
|
mbed_tls
logo\!_cmr2020_firmware
logo\!_cmr2040_firmware
simatic_rtu3031c_firmware
simatic_rtu3041c_firmware
simatic_rtu3030c_firmware
simatic_rtu3000c_firmware
debian_linux
|
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parame…
|
CWE-131
Incorrect Calculation of Buffer Size
|
CVE-2020-36475
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199046
|
7.5 |
HIGH
Network
|
arm
siemens
debian
|
mbed_tls
logo\!_cmr2020_firmware
logo\!_cmr2040_firmware
simatic_rtu3031c_firmware
simatic_rtu3041c_firmware
simatic_rtu3030c_firmware
simatic_rtu3000c_firmware
debian_linux
|
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certifi…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36478
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199047
|
5.9 |
MEDIUM
Network
|
arm
|
mbed_tls
|
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certifica…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36477
|
2024-11-21 14:29 |
2021-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199048
|
9.8 |
CRITICAL
Network
|
safecurl_project
|
safecurl
|
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.
|
NVD-CWE-Other
|
CVE-2020-36474
|
2024-11-21 14:29 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199049
|
3.7 |
LOW
Network
|
ucweb
|
ucweb_uc
|
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-36473
|
2024-11-21 14:29 |
2021-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199050
|
9.8 |
CRITICAL
Network
|
amazon
|
amazon_cloudfront
|
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-36363
|
2024-11-21 14:29 |
2021-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
