Monthly Archive: April 2021

CVE-2020-22002

An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI

CVE-2020-21990

Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially...

CVE-2020-21452

An issue was discovered in Uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via `/Interface/DevManage/EC.php?cmd=upload`. Date published: 2021-04-29 https://github.com/qq1654985095/tyq

CVE-2020-21101

Cross Site Scripting vulnerability in Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the ‘Add Asset’ page via manipulation of a ‘URL’ field, which could let a remote malicious user execute arbitrary code. Date published...

CVE-2020-18070

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". Date published: 2021-04-29 https://github.com/idreamsoft/iCMS/issues/46

CVE-2020-18035

Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". Date published: 2021-04-29 https://github.com/zchuanzhao/jeesns/issues/8

CVE-2020-18032

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into...

CVE-2020-15225

django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential...