|
210991
|
9.8 |
CRITICAL
Network
|
gitea
|
gitea
|
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_…
|
NVD-CWE-noinfo
|
CVE-2020-28991
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210992
|
9.8 |
CRITICAL
Network
|
spip
debian
|
spip
debian_linux
|
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
|
NVD-CWE-noinfo
|
CVE-2020-28984
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210993
|
6.1 |
MEDIUM
Network
|
magicpin
|
magicpin
|
There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28927
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210994
|
5.3 |
MEDIUM
Network
|
neomutt
mutt
debian
|
neomutt
mutt
debian_linux
|
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and t…
|
CWE-287
CWE-755
Improper Authentication
Improper Handling of Exceptional Conditions
|
CVE-2020-28896
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210995
|
9.8 |
CRITICAL
Network
|
winscp
|
winscp
|
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-28864
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210996
|
7.5 |
HIGH
Network
|
scikit-learn
|
scikit-learn
|
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced…
|
NVD-CWE-noinfo
|
CVE-2020-28975
|
2024-11-21 14:23 |
2020-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210997
|
7.8 |
HIGH
Local
|
netskope
|
netskope
|
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-28845
|
2024-11-21 14:23 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210998
|
5.0 |
MEDIUM
Physics
|
linux
debian
|
linux_kernel
debian_linux
|
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-28974
|
2024-11-21 14:23 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210999
|
9.8 |
CRITICAL
Network
|
tp-link
|
wdr7400_firmware
wdr7500_firmware
wdr7660_firmware
wdr7800_firmware
wdr8400_firmware
wdr8500_firmware
wdr8600_firmware
wdr8620_firmware
wdr8640_firmware
wdr8660_firmware
Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-28877
|
2024-11-21 14:23 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
211000
|
5.3 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2020-28954
|
2024-11-21 14:23 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
