CVE-2020-18899
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.
Source: CVE-2020-18899
CVE-2020-18897
A use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.
Source: CVE-2020-18897
CVE-2020-18900
A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128 allows attackers to execute arbitrary code.
Source: CVE-2020-18900
CVE-2021-37597
WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.
Source: CVE-2021-37597
CVE-2021-37598
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.
Source: CVE-2021-37598
CVE-2021-28490
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
Source: CVE-2021-28490
CVE-2020-20642
A Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
Source: CVE-2020-20642
CVE-2020-20645
A Cross Site Scripting (XSS) vulnerability exists in EyouCMS 1.3.6 in the basic_information area.
Source: CVE-2020-20645
CVE-2021-39302
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.
Source: CVE-2021-39302
CVE-2020-18748
Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221.
Source: CVE-2020-18748