Show filters
256 Total Results
Displaying 191-200 of 256
Sort by:
Attacker Value
Unknown

CVE-2020-35945

Disclosure Date: January 01, 2021 (last updated February 22, 2025)
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
Attacker Value
Unknown

CVE-2020-27818

Disclosure Date: December 08, 2020 (last updated February 22, 2025)
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Attacker Value
Unknown

CVE-2020-13995

Disclosure Date: September 25, 2020 (last updated February 22, 2025)
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer.
Attacker Value
Unknown

CVE-2020-12798

Disclosure Date: May 15, 2020 (last updated February 21, 2025)
Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.
Attacker Value
Unknown

CVE-2020-1945

Disclosure Date: May 14, 2020 (last updated February 21, 2025)
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
Attacker Value
Unknown

CVE-2020-9840

Disclosure Date: May 11, 2020 (last updated February 21, 2025)
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.
Attacker Value
Unknown

CVE-2020-12755

Disclosure Date: May 09, 2020 (last updated November 27, 2024)
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.
Attacker Value
Unknown

CVE-2020-9274

Disclosure Date: February 26, 2020 (last updated February 21, 2025)
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
Attacker Value
Unknown

CVE-2012-6114

Disclosure Date: January 28, 2020 (last updated February 21, 2025)
The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort.
Attacker Value
Unknown

CVE-2020-7106

Disclosure Date: January 16, 2020 (last updated February 21, 2025)
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).