CVE-2020-13458
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
Source: CVE-2020-13458
[월:] 2020년 05월
CVE-2020-13459
CVE-2020-13459
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
Source: CVE-2020-13459
CVE-2020-13442
CVE-2020-13442
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.
Source: CVE-2020-13442
CVE-2020-5537
CVE-2020-5537
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
Source: CVE-2020-5537
CVE-2020-13438
CVE-2020-13438
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.
Source: CVE-2020-13438
CVE-2020-13439
CVE-2020-13439
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.
Source: CVE-2020-13439
CVE-2020-13440
CVE-2020-13440
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
Source: CVE-2020-13440
CVE-2020-13435
CVE-2020-13435
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Source: CVE-2020-13435
CVE-2020-13434
CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Source: CVE-2020-13434
CVE-2020-13433
CVE-2020-13433
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.
Source: CVE-2020-13433