| 210641 | 9.8 | CRITICAL Network | sqreen | python_mini_racer | A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. | CWE-787: Out-of-bounds Write | CVE-2020-25489 | 2024-11-21 14:18 | 2020-09-18 |
| 210642 | 8.8 | HIGH Network | alfresco | reset_password | The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password, including the admin account. | CWE-640: Weak Password Recovery Mechanism for Forgotten Password | CVE-2020-25728 | 2024-11-21 14:18 | 2020-09-18 |
| 210643 | 7.5 | HIGH Network | flexsolution | reset_password | The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. | CWE-89: SQL Injection | CVE-2020-25727 | 2024-11-21 14:18 | 2020-09-18 |
| 210644 | 7.3 | HIGH Network | sqreen | php_microagent | Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. | CWE-347: Improper Verification of Cryptographic Signature | CVE-2020-25490 | 2024-11-21 14:18 | 2020-09-18 |
| 210645 | 9.8 | CRITICAL Network | xmlquery_project | xmlquery | xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have u… | CWE-119, CWE-20: Incorrect Access of Indexable Resource ('Range Error'); Improper Input Validation | CVE-2020-25614 | 2024-11-21 14:18 | 2020-09-17 |
| 210646 | 7.8 | HIGH Local | gnuplot_project | gnuplot | gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. | CWE-415: Double Free | CVE-2020-25559 | 2024-11-21 14:18 | 2020-09-16 |
| 210647 | 9.8 | CRITICAL Network | rand_project | rand | An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. | CWE-704: Incorrect Type Conversion or Cast | CVE-2020-25576 | 2024-11-21 14:18 | 2020-09-15 |
| 210648 | 9.8 | CRITICAL Network | failure_project | failure | An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerab… | CWE-843: Type Confusion | CVE-2020-25575 | 2024-11-21 14:18 | 2020-09-15 |
| 210649 | 7.5 | HIGH Network | hyper | http | An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). | CWE-190, CWE-835: Integer Overflow or Wraparound; Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2020-25574 | 2024-11-21 14:18 | 2020-09-15 |
| 210650 | 9.8 | CRITICAL Network | linked-hash-map_project | linked-hash-map | An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint. | CWE-824: Access of Uninitialized Pointer | CVE-2020-25573 | 2024-11-21 14:18 | 2020-09-15 |