|
211841
|
6.1 |
MEDIUM
Network
|
jupyter
|
jupyter_server
|
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version …
|
-
|
CVE-2020-26275
|
2024-11-21 14:19 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211842
|
7.5 |
HIGH
Network
|
tlslite-ng_project
|
tlslite-ng
|
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding c…
|
-
|
CVE-2020-26263
|
2024-11-21 14:19 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211843
|
6.1 |
MEDIUM
Network
|
niftypm
|
nifty-pm
|
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution.
|
CWE-79
Cross-site Scripting
|
CVE-2020-26049
|
2024-11-21 14:19 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211844
|
8.9 |
HIGH
Network
|
openslides
|
openslides
|
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input valid…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26280
|
2024-11-21 14:19 |
2020-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211845
|
4.7 |
MEDIUM
Network
|
openzaak
|
open_zaak
|
Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing poli…
|
CWE-346
Origin Validation Error
|
CVE-2020-26251
|
2024-11-21 14:19 |
2020-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211846
|
5.3 |
MEDIUM
Network
|
tangro
|
business_workflow
|
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-26178
|
2024-11-21 14:19 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211847
|
4.3 |
MEDIUM
Network
|
tangro
|
business_workflow
|
In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied …
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2020-26177
|
2024-11-21 14:19 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211848
|
4.3 |
MEDIUM
Network
|
tangro
|
business_workflow
|
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an att…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-26176
|
2024-11-21 14:19 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211849
|
6.5 |
MEDIUM
Network
|
tangro
|
business_workflow
|
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-26175
|
2024-11-21 14:19 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211850
|
8.8 |
HIGH
Network
|
tangro
|
business_workflow
|
tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26174
|
2024-11-21 14:19 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
