CVE-2020-10991
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java.
Source: CVE-2020-10991
CVE-2020-10992
Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.
Source: CVE-2020-10992
CVE-2020-10993
Osmand through 2.0.0 allows XXE because of binary/BinaryMapIndexReader.java.
Source: CVE-2020-10993
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
Source: CVE-2020-9467
CVE-2020-9468
The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.
Source: CVE-2020-9468
CVE-2020-10828
A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
Source: CVE-2020-10828
CVE-2020-10827
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
Source: CVE-2020-10827
CVE-2020-10826
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.
Source: CVE-2020-10826
CVE-2020-10824
A stack-based buffer overflow in /cgi-bin/activate.cgi through the ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).
Source: CVE-2020-10824
CVE-2020-10825
A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding the ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).
Source: CVE-2020-10825