|
209761
|
9.9 |
CRITICAL
Network
|
openstack
|
blazar-dashboard
|
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the us…
|
NVD-CWE-noinfo
|
CVE-2020-26943
|
2024-11-21 14:20 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209762
|
9.6 |
CRITICAL
Network
|
marktext
|
marktext
|
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the d…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27176
|
2024-11-21 14:20 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209763
|
7.5 |
HIGH
Network
|
amazon
|
firecracker
|
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memo…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-27174
|
2024-11-21 14:20 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209764
|
7.5 |
HIGH
Network
|
vm-superio_project
|
vm-superio
|
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-27173
|
2024-11-21 14:20 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209765
|
6.1 |
MEDIUM
Network
|
phpredisadmin_project
|
phpredisadmin
|
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27163
|
2024-11-21 14:20 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209766
|
6.1 |
MEDIUM
Network
|
sagedpw
|
sage_dpw
|
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking …
|
CWE-79
Cross-site Scripting
|
CVE-2020-26584
|
2024-11-21 14:20 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209767
|
6.1 |
MEDIUM
Network
|
sagedpw
|
sage_dpw
|
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26583
|
2024-11-21 14:20 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209768
|
8.1 |
HIGH
Network
|
veritas
|
aptare
|
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-27157
|
2024-11-21 14:20 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209769
|
9.8 |
CRITICAL
Network
|
veritas
|
aptare
|
Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user.
|
CWE-863
Incorrect Authorization
|
CVE-2020-27156
|
2024-11-21 14:20 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209770
|
8.6 |
HIGH
Network
|
bluez
debian
opensuse
|
bluez
debian_linux
leap
|
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during servic…
|
CWE-415
Double Free
|
CVE-2020-27153
|
2024-11-21 14:20 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
