The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2020-21827 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379. | MEDIUM | May 17, 2021 |
| CVE-2020-21819 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51. | MEDIUM | May 21, 2021 |
| CVE-2020-21818 | A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48. | MEDIUM | May 21, 2021 |
| CVE-2020-21817 | A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash). | MEDIUM | May 21, 2021 |
| CVE-2020-21816 | A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46. | MEDIUM | May 21, 2021 |
| CVE-2020-21815 | A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash). | MEDIUM | May 21, 2021 |
| CVE-2020-21814 | A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97. | MEDIUM | May 21, 2021 |
| CVE-2020-21813 | A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114. | MEDIUM | May 17, 2021 |
| CVE-2020-21809 | SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php. | HIGH | Jul 30, 2021 |
| CVE-2020-21808 | SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php. | HIGH | Jul 30, 2021 |
| CVE-2020-21806 | SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php.. | HIGH | Jul 30, 2021 |
| CVE-2020-21788 | In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. | MEDIUM | Jun 24, 2021 |
| CVE-2020-21787 | CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. | HIGH | Jun 24, 2021 |
| CVE-2020-21786 | In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. | HIGH | Jun 24, 2021 |
| CVE-2020-21785 | In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | MEDIUM | Jun 24, 2021 |
| CVE-2020-21784 | phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | HIGH | Jun 24, 2021 |
| CVE-2020-21783 | In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter. | MEDIUM | Jun 24, 2021 |
| CVE-2020-21733 | Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. | MEDIUM | Sep 17, 2020 |
| CVE-2020-21732 | Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | MEDIUM | Sep 17, 2020 |
| CVE-2020-21731 | Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code. | MEDIUM | Sep 17, 2020 |
| CVE-2020-21729 | JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | LOW | Oct 8, 2021 |
| CVE-2020-21726 | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. | HIGH | Oct 8, 2021 |
| CVE-2020-21725 | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. | HIGH | Oct 8, 2021 |
| CVE-2020-21724 | Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers to run arbitrary code via opening of crafted ogg file. | -- | Aug 22, 2023 |
| CVE-2020-21723 | A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file. | -- | Aug 22, 2023 |
| CVE-2020-21722 | Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. | -- | Aug 22, 2023 |
| CVE-2020-21710 | A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. | -- | Aug 22, 2023 |
| CVE-2020-21699 | The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. | -- | Aug 22, 2023 |
| CVE-2020-21697 | A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. | MEDIUM | Aug 10, 2021 |
| CVE-2020-21690 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-20451. Reason: This candidate is a duplicate of CVE-2020-20451. Notes: All CVE users should reference CVE-2020-20451 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2020-21688 | A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. | MEDIUM | Aug 10, 2021 |
| CVE-2020-21687 | Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | -- | Aug 22, 2023 |
| CVE-2020-21686 | A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. | -- | Aug 22, 2023 |
| CVE-2020-21685 | Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | -- | Aug 22, 2023 |
| CVE-2020-21684 | A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | MEDIUM | Aug 10, 2021 |
| CVE-2020-21683 | A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | MEDIUM | Aug 10, 2021 |
| CVE-2020-21682 | A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | MEDIUM | Aug 10, 2021 |
| CVE-2020-21681 | A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | MEDIUM | Aug 10, 2021 |
| CVE-2020-21680 | A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | MEDIUM | Aug 10, 2021 |
| CVE-2020-21679 | Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. | -- | Aug 22, 2023 |
| CVE-2020-21678 | A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. | MEDIUM | Aug 10, 2021 |
| CVE-2020-21677 | A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format. | MEDIUM | Aug 10, 2021 |
| CVE-2020-21676 | A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | MEDIUM | Aug 10, 2021 |
| CVE-2020-21675 | A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | MEDIUM | Aug 13, 2021 |
| CVE-2020-21674 | Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product\'s official releases are unaffected. | MEDIUM | Oct 15, 2020 |
| CVE-2020-21667 | In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the \'table\' parameter passed is not filtered so a malicious parameter can be passed for SQL injection. | MEDIUM | Nov 13, 2020 |
| CVE-2020-21665 | In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. | MEDIUM | Nov 17, 2020 |
| CVE-2020-21662 | SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. | -- | Jul 31, 2023 |
| CVE-2020-21658 | A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. | MEDIUM | Oct 6, 2021 |
| CVE-2020-21656 | XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. | LOW | Oct 6, 2021 |
