|
210291
|
6.5 |
MEDIUM
Network
|
newsscriptphp
|
news_script_php_pro
|
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.
|
CWE-352
Origin Validation Error
|
CVE-2020-25472
|
2024-11-21 14:18 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210292
|
7.5 |
HIGH
Network
|
postgresql
debian
|
postgresql
debian_linux
|
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses …
|
-
|
CVE-2020-25696
|
2024-11-21 14:18 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210293
|
3.5 |
LOW
Adjacent
|
redhat
|
advanced_cluster_management_for_kubernetes
|
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25688
|
2024-11-21 14:18 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210294
|
8.8 |
HIGH
Adjacent
|
redhat
fedoraproject
|
ceph
ceph_storage
openshift_container_platform
fedora
|
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilu…
|
-
|
CVE-2020-25660
|
2024-11-21 14:18 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210295
|
5.5 |
MEDIUM
Local
|
xpdfreader
fedoraproject
|
xpdf
fedora
|
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a pr…
|
-
|
CVE-2020-25725
|
2024-11-21 14:18 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210296
|
9.8 |
CRITICAL
Network
|
microfocus
|
identity_manager
|
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.
|
CWE-89
SQL Injection
|
CVE-2020-25839
|
2024-11-21 14:18 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210297
|
5.3 |
MEDIUM
Network
|
moodle
fedoraproject
|
moodle
fedora
|
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. …
|
CWE-200
Information Exposure
|
CVE-2020-25703
|
2024-11-21 14:18 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210298
|
6.1 |
MEDIUM
Network
|
moodle
fedoraproject
|
moodle
fedora
|
In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25702
|
2024-11-21 14:18 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210299
|
5.3 |
MEDIUM
Network
|
moodle
fedoraproject
|
moodle
fedora
|
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead t…
|
CWE-863
Incorrect Authorization
|
CVE-2020-25701
|
2024-11-21 14:18 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210300
|
6.5 |
MEDIUM
Network
|
moodle
fedoraproject
|
moodle
fedora
|
In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earli…
|
CWE-89
SQL Injection
|
CVE-2020-25700
|
2024-11-21 14:18 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
