|
211731
|
4.3 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address …
|
NVD-CWE-Other
|
CVE-2020-27621
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211732
|
6.1 |
MEDIUM
Network
|
mediawiki
|
skin\
|
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSoc…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27620
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211733
|
9.8 |
CRITICAL
Network
|
python
fedoraproject
oracle
|
python
fedora
communications_cloud_native_core_network_function_cloud_native_environment
|
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
|
NVD-CWE-noinfo
|
CVE-2020-27619
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211734
|
9.8 |
CRITICAL
Network
|
loginizer
|
loginizer
|
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.
|
CWE-89
SQL Injection
|
CVE-2020-27615
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211735
|
6.1 |
MEDIUM
Network
|
cminds
|
cm_download_manager
|
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27344
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211736
|
8.4 |
HIGH
Local
|
bigbluebutton
|
bigbluebutton
|
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-27613
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211737
|
4.3 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publis…
|
CWE-200
Information Exposure
|
CVE-2020-27612
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211738
|
7.3 |
HIGH
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-27611
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211739
|
7.5 |
HIGH
Network
|
bigbluebutton
|
bigbluebutton
|
The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block ext…
|
NVD-CWE-noinfo
|
CVE-2020-27610
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211740
|
5.3 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meetin…
|
CWE-863
Incorrect Authorization
|
CVE-2020-27609
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
