| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 210471 | 7.8 | HIGH | Local | f5 | njs | njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | CWE-416 Use After Free | CVE-2020-24346 | 2024-11-21 14:14 | 2020-08-14 |
| 210472 | 7.8 | HIGH | Local | jerryscript | jerryscript | JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option | CWE-787 Out-of-bounds Write | CVE-2020-24345 | 2024-11-21 14:14 | 2020-08-14 |
| 210473 | 7.1 | HIGH | Local | jerryscript | jerryscript | JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read. | CWE-125 Out-of-bounds Read | CVE-2020-24344 | 2024-11-21 14:14 | 2020-08-14 |
| 210474 | 7.8 | HIGH | Local | artifex | mujs | Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. | CWE-416 Use After Free | CVE-2020-24343 | 2024-11-21 14:14 | 2020-08-14 |
| 210475 | 7.8 | HIGH | Local | lua fedoraproject | lua fedora | Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2020-24342 | 2024-11-21 14:14 | 2020-08-14 |
| 210476 | 5.5 | MEDIUM | Local | trustedcomputinggroup fedoraproject | trousers fedora | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to c… | CWE-59 Link Following | CVE-2020-24332 | 2024-11-21 14:14 | 2020-08-14 |
| 210477 | 7.8 | HIGH | Local | trousers_project fedoraproject | trousers fedora | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various… | CWE-269 Improper Privilege Management | CVE-2020-24331 | 2024-11-21 14:14 | 2020-08-14 |
| 210478 | 7.8 | HIGH | Local | trousers_project fedoraproject | trousers fedora | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. | CWE-269 Improper Privilege Management | CVE-2020-24330 | 2024-11-21 14:14 | 2020-08-14 |
| 210479 | 7.8 | HIGH | Local | flac_project | flac | Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. | CWE-120 Classic Buffer Overflow | CVE-2020-22219 | 2024-11-21 14:13 | 2023-08-23 |
| 210480 | 8.8 | HIGH | Network | evertz | 3080ipx_firmware 7801fc_firmware 7890ixg_firmware | EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any c… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-22159 | 2024-11-21 14:13 | 2023-07-19 |