|
211261
|
7.2 |
HIGH
Network
|
bludit
|
bludit
|
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-23765
|
2024-11-21 14:14 |
2021-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211262
|
7.5 |
HIGH
Network
|
hom.ee
|
brain_cube_core
|
homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-24396
|
2024-11-21 14:14 |
2021-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211263
|
6.8 |
MEDIUM
Physics
|
hom.ee
|
brain_cube_core
|
The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validati…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-24395
|
2024-11-21 14:14 |
2021-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211264
|
5.5 |
MEDIUM
Local
|
gnu
|
libredwg
|
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dw…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23861
|
2024-11-21 14:14 |
2021-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211265
|
6.1 |
MEDIUM
Network
|
tinyshop_project
|
tinyshop
|
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /ev…
|
CWE-79
Cross-site Scripting
|
CVE-2020-24026
|
2024-11-21 14:14 |
2021-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211266
|
5.5 |
MEDIUM
Local
|
gnu
fedoraproject
|
cflow
fedora
|
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
|
CWE-416
Use After Free
|
CVE-2020-23856
|
2024-11-21 14:14 |
2021-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211267
|
5.5 |
MEDIUM
Local
|
rockcarry
|
ffjpeg
|
A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23852
|
2024-11-21 14:14 |
2021-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211268
|
5.5 |
MEDIUM
Local
|
rockcarry
|
ffjpeg
|
A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23851
|
2024-11-21 14:14 |
2021-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211269
|
7.1 |
HIGH
Local
|
upx_project
fedoraproject
|
upx
fedora
|
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-24119
|
2024-11-21 14:14 |
2021-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211270
|
9.8 |
CRITICAL
Network
|
yfcmf
|
yfcmf
|
YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php.
|
NVD-CWE-noinfo
|
CVE-2020-23691
|
2024-11-21 14:14 |
2021-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
