CVE-2020-29129
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
Source: CVE-2020-29129
[월:] 2020년 11월
CVE-2020-26936
CVE-2020-26936
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.
Source: CVE-2020-26936
CVE-2020-29042
CVE-2020-29042
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
Source: CVE-2020-29042
CVE-2020-29043
CVE-2020-29043
An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
Source: CVE-2020-29043
CVE-2020-27663
CVE-2020-27663
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).
Source: CVE-2020-27663
CVE-2020-27207
CVE-2020-27207
Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.
Source: CVE-2020-27207
CVE-2020-29065
CVE-2020-29065
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
Source: CVE-2020-29065
CVE-2020-27662
CVE-2020-27662
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
Source: CVE-2020-27662
CVE-2020-13886
CVE-2020-13886
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.
Source: CVE-2020-13886
CVE-2020-7779
CVE-2020-7779
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails – for example, –@————————————————————————————————————————!.
Source: CVE-2020-7779