| 208351 | 9.8 | CRITICAL Network | facebook | hermes | A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4… | CWE-787 Out-of-bounds Write | CVE-2020-1896 | 2024-11-21 14:11 | 2021-02-2 |
| 208352 | 9.8 | CRITICAL Network | yccms | yccms | Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters triggers remote code execution. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-20287 | 2024-11-21 14:11 | 2021-02-2 |
| 208353 | 5.4 | MEDIUM Network | redhat | keycloak | A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access to… | CWE-863 Incorrect Authorization | CVE-2020-1725 | 2024-11-21 14:11 | 2021-01-29 |
| 208354 | 6.1 | MEDIUM Network | redhat keycloak_gatekeeper_project | mobile_application_platform keycloak_gatekeeper | A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0… | CWE-601 Open Redirect | CVE-2020-1723 | 2024-11-21 14:11 | 2021-01-29 |
| 208355 | 9.8 | CRITICAL Network | caret | caret | A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22. | NVD-CWE-noinfo | CVE-2020-20269 | 2024-11-21 14:11 | 2021-01-27 |
| 208356 | 6.5 | MEDIUM Adjacent | huawei | cloudengine_12800_firmware cloudengine_5800_firmware cloudengine_6800_firmware cloudengine_7800_firmware | There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could s… | CWE-125 Out-of-bounds Read | CVE-2020-1865 | 2024-11-21 14:11 | 2021-01-14 |
| 208357 | 6.5 | MEDIUM Adjacent | huawei | nip6800_firmware s12700_firmware s2700_firmware s5700_firmware s6700_firmware s7700_firmware s9700_firmware secospace_usg6600_firmware usg9500_firmware | There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could caus… | CWE-125 Out-of-bounds Read | CVE-2020-1866 | 2024-11-21 14:11 | 2021-01-14 |
| 208358 | 5.5 | MEDIUM Local | huawei | jackman-al00d_firmware | There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally. | NVD-CWE-noinfo | CVE-2020-1848 | 2024-11-21 14:11 | 2020-12-30 |
| 208359 | 5.4 | MEDIUM Network | zzcms | zzcms | There is an XSS in the user login page in zzcms 2019. Users can inject JS code through the Referer header via user/login.php. | CWE-79 Cross-site Scripting | CVE-2020-20285 | 2024-11-21 14:11 | 2020-12-19 |
| 208360 | 9.8 | CRITICAL Network | troglobit | uftpd | There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's… | CWE-22 Path Traversal | CVE-2020-20277 | 2024-11-21 14:11 | 2020-12-19 |