CVE-2020-25379
WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the ‘Manufacturer[]’ parameter which allows an authenticated attacker to inject a malicious SQL query.
Source: CVE-2020-25379
CVE-2020-8817
Dataiku DSS before 6.0.5 allows attackers with write access to the project to modify the "Created by" metadata.
Source: CVE-2020-8817
CVE-2020-11684
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader).
Source: CVE-2020-11684
CVE-2020-12787
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
Source: CVE-2020-12787
CVE-2020-12789
The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authenticate secure applets.
Source: CVE-2020-12789
CVE-2018-20432
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connections, which allows unauthenticated attackers to gain privileged access to the router and to extract sensitive data or modify the configuration.
Source: CVE-2018-20432
CVE-2020-12788
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks.
Source: CVE-2020-12788
CVE-2020-11683
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.
Source: CVE-2020-11683
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package.
Source: CVE-2020-24660
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter.
Source: CVE-2020-25540