CVE-2020-18900
A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128 allows attackers to execute arbitrary code. Devamını Oku
A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128 allows attackers to execute arbitrary code. Devamını Oku
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. Devamını Oku
An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file. Devamını Oku
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. Devamını Oku
** DISPUTED ** A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub. Devamını Oku
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. Devamını Oku
Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area. Devamını Oku
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. Devamını Oku
Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area. Devamını Oku
Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221. Devamını Oku
Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221. Devamını Oku
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none. Devamını Oku