From DHS/US-CERT’s National Vulnerability Database
CVE-2020-35702
PUBLISHED: 2020-12-25
DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document.
CVE-2020-26282
PUBLISHED: 2020-12-24
BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template Injection was identified…
CVE-2020-11093
PUBLISHED: 2020-12-24
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is a lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the ledger…
CVE-2020-28912
PUBLISHED: 2020-12-24
With MariaDB running on Windows, when local clients connect to the server over named pipes, it’s possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between th…
CVE-2020-29247
PUBLISHED: 2020-12-24
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords, and each time any user visits the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.