8.7
CVE-2020-36950 - Laravel Nova 3.7.0 - 'range' DoS
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.
6.7
CVE-2020-36949 - TapinRadio 2.13.7 - Denial of Service
TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unreβ¦
8.7
CVE-2020-36948 - VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissioβ¦
7.1
CVE-2020-36947 - LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensiβ¦
8.7
CVE-2020-36946 - SyncBreeze 10.0.28 - 'login' Denial of Service
SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.
8.7
CVE-2020-36942 - Victor CMS 1.0 - File Upload To RCE
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.
5.3
CVE-2020-36941 - Knockpy 4.1.1 - CSV Injection
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applicβ¦
5.1
CVE-2020-36940 - Easy CD & DVD Cover Creator 4.13 - Denial of Service
Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash.
8.7
CVE-2020-36939 - Cassandra Web 0.5.0 - Remote File Read
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Caβ¦
7
CVE-2020-36938 - WinAVR Version 20100110 - Insecure Folder Permissions
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.