Show filters
256 Total Results
Displaying 191-200 of 256
Sort by:
Attacker Value
Unknown
CVE-2020-35945
Disclosure Date: January 01, 2021 (last updated February 22, 2025)
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
0
Attacker Value
Unknown
CVE-2020-27818
Disclosure Date: December 08, 2020 (last updated February 22, 2025)
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
0
Attacker Value
Unknown
CVE-2020-13995
Disclosure Date: September 25, 2020 (last updated February 22, 2025)
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer.
0
Attacker Value
Unknown
CVE-2020-12798
Disclosure Date: May 15, 2020 (last updated February 21, 2025)
Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.
0
Attacker Value
Unknown
CVE-2020-1945
Disclosure Date: May 14, 2020 (last updated February 21, 2025)
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
0
Attacker Value
Unknown
CVE-2020-9840
Disclosure Date: May 11, 2020 (last updated February 21, 2025)
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.
0
Attacker Value
Unknown
CVE-2020-12755
Disclosure Date: May 09, 2020 (last updated November 27, 2024)
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.
0
Attacker Value
Unknown
CVE-2020-9274
Disclosure Date: February 26, 2020 (last updated February 21, 2025)
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
0
Attacker Value
Unknown
CVE-2012-6114
Disclosure Date: January 28, 2020 (last updated February 21, 2025)
The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort.
0
Attacker Value
Unknown
CVE-2020-7106
Disclosure Date: January 16, 2020 (last updated February 21, 2025)
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
0