|
208221
|
9.8 |
CRITICAL
Network
|
nasm
|
netwide_assembler
|
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
|
CWE-415
Double Free
|
CVE-2020-24978
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208222
|
7.8 |
HIGH
Local
|
xpdfreader
|
xpdf
|
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24999
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208223
|
7.8 |
HIGH
Local
|
xpdfreader
|
xpdf
|
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binar…
|
CWE-665
Improper Initialization
|
CVE-2020-24996
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208224
|
9.8 |
CRITICAL
Network
|
heybbs_project
|
heybbs
|
Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-25006
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208225
|
9.8 |
CRITICAL
Network
|
heybbs_project
|
heybbs
|
Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-25005
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208226
|
9.8 |
CRITICAL
Network
|
heybbs_project
|
heybbs
|
Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code.
|
CWE-89
SQL Injection
|
CVE-2020-25004
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208227
|
6.5 |
MEDIUM
Network
|
xmlsoft
debian
fedoraproject
opensuse
netapp
oracle
|
libxml2
debian_linux
fedora
leap
snapdrive
clustered_data_ontap
clustered_data_ontap_antivirus_connector
active_iq_unified_manager
manageability_software_development_kit
in…
|
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-24977
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208228
|
9.8 |
CRITICAL
Network
|
pancakeapp
|
pancake
|
Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-24876
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208229
|
7.2 |
HIGH
Network
|
maracms
|
maracms
|
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request t…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-25042
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208230
|
7.2 |
HIGH
Network
|
autoptimize
|
autoptimize
|
The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PH…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-24948
|
2024-11-21 14:16 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
