|
209041
|
7.8 |
HIGH
Local
|
softmaker
|
planmaker_2021
|
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, whic…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28587
|
2024-11-21 14:22 |
2021-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209042
|
9.8 |
CRITICAL
Network
|
geojson2kml_project
|
geojson2kml
|
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})
|
CWE-78
OS Command
|
CVE-2020-28429
|
2024-11-21 14:22 |
2021-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209043
|
8.8 |
HIGH
Network
|
png-img_project
|
png-img
|
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading …
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-28248
|
2024-11-21 14:22 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209044
|
8.8 |
HIGH
Network
|
smartstore
|
smartstorenet
|
An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin accoun…
|
CWE-352
Origin Validation Error
|
CVE-2020-27997
|
2024-11-21 14:22 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209045
|
9.8 |
CRITICAL
Network
|
merge_project
|
merge
|
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .
|
NVD-CWE-noinfo
|
CVE-2020-28499
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209046
|
7.5 |
HIGH
Network
|
fasterxml
quarkus
oracle
|
jackson-dataformats-binary
quarkus
weblogic_server
|
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lan…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-28491
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209047
|
6.5 |
MEDIUM
Network
|
reportlab
fedoraproject
|
reportlab
fedora
|
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Step…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-28463
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209048
|
7.5 |
HIGH
Network
|
three_project
|
three
|
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i+…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-28496
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209049
|
9.8 |
CRITICAL
Network
|
async-git_project
|
async-git
|
The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')
|
CWE-78
OS Command
|
CVE-2020-28490
|
2024-11-21 14:22 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209050
|
7.2 |
HIGH
Network
|
microweber
|
microweber
|
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulner…
|
CWE-22
Path Traversal
|
CVE-2020-28337
|
2024-11-21 14:22 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
