|
210721
|
7.0 |
HIGH
Local
|
blueman_project debian fedoraproject
|
blueman debian_linux fedora
|
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depe…
|
CWE-88
Argument Injection
|
CVE-2020-15238
|
2024-11-21 14:05 |
2020-10-28 |
|
210722
|
7.2 |
HIGH
Network
|
pulsesecure ivanti
|
pulse_connect_secure connect_secure pulse_policy_secure policy_secure
|
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forg…
|
CWE-611
XXE
|
CVE-2020-15352
|
2024-11-21 14:05 |
2020-10-27 |
|
210723
|
5.4 |
MEDIUM
Network
|
requarks
|
wiki.js
|
In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual …
|
-
|
CVE-2020-15274
|
2024-11-21 14:05 |
2020-10-27 |
|
210724
|
9.6 |
CRITICAL
Network
|
git-tag-annotation-action_project
|
git-tag-annotation-action
|
In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to…
|
-
|
CVE-2020-15272
|
2024-11-21 14:05 |
2020-10-27 |
|
210725
|
8.8 |
HIGH
Network
|
lookatme_project
|
lookatme
|
In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown …
|
CWE-78
OS Command
|
CVE-2020-15271
|
2024-11-21 14:05 |
2020-10-27 |
|
210726
|
4.3 |
MEDIUM
Network
|
parseplatform
|
parse-server
|
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription object…
|
CWE-672
Operation on a Resource after Expiration or Release
|
CVE-2020-15270
|
2024-11-21 14:05 |
2020-10-23 |
|
210727
|
7.5 |
HIGH
Network
|
google
|
tensorflow
|
In TensorFlow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Atte…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-15266
|
2024-11-21 14:05 |
2020-10-22 |
|
210728
|
7.5 |
HIGH
Network
|
google
|
tensorflow
|
In TensorFlow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tens…
|
-
|
CVE-2020-15265
|
2024-11-21 14:05 |
2020-10-22 |
|
210729
|
7.2 |
HIGH
Network
|
openmage
|
magento
|
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through prod…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-15244
|
2024-11-21 14:05 |
2020-10-22 |
|
210730
|
9.1 |
CRITICAL
Network
|
sparksolutions
|
spree
|
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround wit…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-15269
|
2024-11-21 14:05 |
2020-10-21 |