» 2020 » 12월

CVE-2020-28278

Posted on 2020년 12월 30일2020년 12월 30일 by admin

CVE-2020-28278

Prototype pollution vulnerability in â€˜shvlâ€™ versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Source: CVE-2020-28278

CVE-2020-28279

Posted on 2020년 12월 30일2020년 12월 30일 by admin

CVE-2020-28279

Prototype pollution vulnerability in â€˜flattenizerâ€™ versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.

Source: CVE-2020-28279

CVE-2020-1848

Posted on 2020년 12월 30일2020년 12월 30일 by admin

CVE-2020-1848

There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally.

Source: CVE-2020-1848

CVE-2020-28280

Posted on 2020년 12월 30일2020년 12월 30일 by admin

CVE-2020-28280

Prototype pollution vulnerability in â€˜predefineâ€™ versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution.

Source: CVE-2020-28280

CVE-2020-28282

Posted on 2020년 12월 30일2020년 12월 30일 by admin

CVE-2020-28282

Prototype pollution vulnerability in â€˜getobjectâ€™ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.

Source: CVE-2020-28282

CVE-2020-29470

Posted on 2020년 12월 30일2020년 12월 30일 by admin

CVE-2020-29470

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

Source: CVE-2020-29470

CVE-2020-29471

Posted on 2020년 12월 30일2020년 12월 30일 by admin

CVE-2020-29471

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.

Source: CVE-2020-29471

CVE-2020-28275

Posted on 2020년 12월 30일2020년 12월 30일 by admin

CVE-2020-28275

Prototype pollution vulnerability in ‘cache-base’ versions 0.7.0 through 4.0.0 allows attacker to cause a denial of service and may lead to remote code execution.

Source: CVE-2020-28275

CVE-2020-28277

Posted on 2020년 12월 30일2020년 12월 30일 by admin

CVE-2020-28277

Prototype pollution vulnerability in ‘dset’ versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

Source: CVE-2020-28277

CVE-2020-28276

Posted on 2020년 12월 30일2020년 12월 30일 by admin

CVE-2020-28276

Prototype pollution vulnerability in ‘deep-set’ versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

Source: CVE-2020-28276