| 199041 | 9.8 | CRITICAL Network | hashbrowncms | hashbrown_cms | A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, an… | CWE-78 OS Command | CVE-2020-6948 | 2024-11-21 14:36 | 2020-01-14 |
| 199042 | 5.3 | MEDIUM Network | ultimatemember | ultimate_member | Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' prof… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2020-6859 | 2024-11-21 14:36 | 2020-01-14 |
| 199043 | 8.8 | HIGH Network | symonics fedoraproject | libmysofa fedora | libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute. | CWE-787 Out-of-bounds Write | CVE-2020-6860 | 2024-11-21 14:36 | 2020-01-13 |
| 199044 | 7.5 | HIGH Network | uclouvain fedoraproject debian redhat oracle | openjpeg fedora debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux enterprise_linux_server_aus enterprise_linux_server… | OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. | CWE-787 Out-of-bounds Write | CVE-2020-6851 | 2024-11-21 14:36 | 2020-01-13 |
| 199045 | 6.1 | MEDIUM Network | axper | vision_ii_firmware | Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. | CWE-79 Cross-site Scripting | CVE-2020-6848 | 2024-11-21 14:36 | 2020-01-13 |
| 199046 | 5.4 | MEDIUM Network | opentrade_project | opentrade | OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. | CWE-79 Cross-site Scripting | CVE-2020-6847 | 2024-11-21 14:36 | 2020-01-11 |
| 199047 | 9.8 | CRITICAL Network | mruby | mruby | In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. | CWE-416 Use After Free | CVE-2020-6840 | 2024-11-21 14:36 | 2020-01-11 |
| 199048 | 9.8 | CRITICAL Network | mruby | mruby | In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. | CWE-787 Out-of-bounds Write | CVE-2020-6839 | 2024-11-21 14:36 | 2020-01-11 |
| 199049 | 9.8 | CRITICAL Network | mruby | mruby | In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. | CWE-416 Use After Free | CVE-2020-6838 | 2024-11-21 14:36 | 2020-01-11 |
| 199050 | 9.8 | CRITICAL Network | hot-formula-parser_project | hot-formula-parser | grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concat… | CWE-94 Code Injection | CVE-2020-6836 | 2024-11-21 14:36 | 2020-01-11 |