|
212821
|
7.5 |
HIGH
Network
|
nlnetlabs
debian
opensuse
canonical
fedoraproject
|
unbound
debian_linux
leap
ubuntu_linux
fedora
|
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-12663
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212822
|
7.5 |
HIGH
Network
|
nlnetlabs
debian
opensuse
canonical
fedoraproject
|
unbound
debian_linux
leap
ubuntu_linux
fedora
|
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-12662
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212823
|
7.5 |
HIGH
Network
|
nic
|
knot_resolver
|
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME i…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-12667
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212824
|
6.5 |
MEDIUM
Network
|
zohocorp
|
manageengine_servicedesk_plus
|
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
|
CWE-862
Missing Authorization
|
CVE-2020-13154
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212825
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13153
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212826
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr
|
Dolibarr before 11.0.4 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13094
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212827
|
7.8 |
HIGH
Local
|
msi
|
dragon_center
|
Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite syste…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13149
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212828
|
8.8 |
HIGH
Network
|
edx
|
open_edx_platform
|
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profil…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-13146
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212829
|
5.4 |
MEDIUM
Network
|
edx
|
open_edx_platform
|
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13145
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212830
|
8.8 |
HIGH
Network
|
edx
|
open_edx_platform
|
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Pyth…
|
CWE-94
CWE-862
Code Injection
Missing Authorization
|
CVE-2020-13144
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
