CVE-2013-3725
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.
Source: CVE-2013-3725
[월:] 2020년 02월
CVE-2020-8947
CVE-2020-8947
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.
Source: CVE-2020-8947
CVE-2020-8945
CVE-2020-8945
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
Source: CVE-2020-8945
CVE-2014-3860
CVE-2014-3860
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability
Source: CVE-2014-3860
CVE-2019-11867
CVE-2019-11867
Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0.
Source: CVE-2019-11867
CVE-2020-8946
CVE-2020-8946
Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter.
Source: CVE-2020-8946
CVE-2019-16336
CVE-2019-16336
The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.
Source: CVE-2019-16336
CVE-2013-7286
CVE-2013-7286
MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm
Source: CVE-2013-7286
CVE-2020-7046
CVE-2020-7046
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
Source: CVE-2020-7046
CVE-2020-7957
CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.
Source: CVE-2020-7957