CVE-2016-9026
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
Source: CVE-2016-9026
CVE-2018-14067
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980.
Source: CVE-2018-14067
CVE-2018-16795
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.
Source: CVE-2018-16795
CVE-2016-9022
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
Source: CVE-2016-9022
CVE-2020-17363
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
Source: CVE-2020-17363
CVE-2020-19664
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
Source: CVE-2020-19664
CVE-2019-20808
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
Source: CVE-2019-20808
CVE-2020-16132
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-24240. Reason: This candidate is a reservation duplicate of CVE-2020-24240. Notes: All CVE users should reference CVE-2020-24240 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Source: CVE-2020-16132
CVE-2020-13654
XWiki Platform before 12.8 mishandles escaping in the property displayer.
Source: CVE-2020-13654
CVE-2020-12658
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c.
Source: CVE-2020-12658