CVE-2020-28362
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
Source: CVE-2020-28362
CVE-2020-28091
cxuucms v3 has a SQL injection vulnerability in the keywords parameter of search.php, which can lead to the leakage of all database data.
Source: CVE-2020-28091
CVE-2020-24297
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023
Source: CVE-2020-24297
CVE-2020-26884
RSA Archer 6.8 through 6.8.0.3 and 6.9 contain a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application.
Source: CVE-2020-26884
CVE-2020-25406
appadmincontrollersysUploads.php in lemocms 1.8.x allows users to upload executable files.
Source: CVE-2020-25406
CVE-2020-28005
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023
Source: CVE-2020-28005
CVE-2020-6016
Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.
Source: CVE-2020-6016
CVE-2020-28724
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
Source: CVE-2020-28724
CVE-2020-7563
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.
Source: CVE-2020-7563
CVE-2020-7564
A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.
Source: CVE-2020-7564