CVE-2020-5605
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
Source: CVE-2020-5605
CVE-2020-5605
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
Source: CVE-2020-5605
CVE-2020-5628
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
Source: CVE-2020-5628
CVE-2020-25756
** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."
Source: CVE-2020-25756
CVE-2020-25750
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST[‘xml’]) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Source: CVE-2020-25750
CVE-2020-25751
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.
Source: CVE-2020-25751
CVE-2020-25734
webTareas through 2.1 allows files/Default/ Directory Listing.
Source: CVE-2020-25734
CVE-2020-25733
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.
Source: CVE-2020-25733
CVE-2020-25735
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.
Source: CVE-2020-25735
CVE-2020-25744
SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%SaferVPNLog is followed.
Source: CVE-2020-25744
CVE-2020-15185
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.
Source: CVE-2020-15185