|
211921
|
6.5 |
MEDIUM
Network
|
symless
fedoraproject
|
synergy
fedora
|
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB.…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-15117
|
2024-11-21 14:04 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211922
|
3.3 |
LOW
Local
|
schokokeks
|
freewvs
|
In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where…
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-15101
|
2024-11-21 14:04 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211923
|
3.3 |
LOW
Local
|
schokokeks
|
freewvs
|
In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-15100
|
2024-11-21 14:04 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211924
|
7.5 |
HIGH
Network
|
openvpn
|
openvpn_access_server
|
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial t…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-15074
|
2024-11-21 14:04 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211925
|
5.4 |
MEDIUM
Network
|
envoyproxy
|
envoy
|
In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For e…
|
CWE-346
Origin Validation Error
|
CVE-2020-15104
|
2024-11-21 14:04 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211926
|
7.5 |
HIGH
Network
|
supremainc
|
biostar_2
|
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
|
CWE-22
Path Traversal
|
CVE-2020-15050
|
2024-11-21 14:04 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211927
|
5.4 |
MEDIUM
Network
|
django_two-factor_authentication_project
|
django_two-factor_authentication
|
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-15105
|
2024-11-21 14:04 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211928
|
8.6 |
HIGH
Network
|
amazon
|
tough
|
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumve…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-15093
|
2024-11-21 14:04 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211929
|
4.8 |
MEDIUM
Network
|
northwestern
|
timelinejs
|
In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whethe…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15092
|
2024-11-21 14:04 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211930
|
5.3 |
MEDIUM
Adjacent
|
yubico
|
yubikey_5_nfc_firmware
|
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is …
|
CWE-862
Missing Authorization
|
CVE-2020-15001
|
2024-11-21 14:04 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
