|
210221
|
7.8 |
HIGH
Local
|
firejail_project
debian
fedoraproject
opensuse
|
firejail
debian_linux
fedora
leap
|
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.
|
CWE-88
Argument Injection
|
CVE-2020-17367
|
2024-11-21 14:07 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210222
|
6.1 |
MEDIUM
Network
|
carson-saint
|
saint_security_suite
|
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user…
|
CWE-79
Cross-site Scripting
|
CVE-2020-16278
|
2024-11-21 14:07 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210223
|
8.8 |
HIGH
Network
|
carson-saint
|
saint_security_suite
|
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
|
CWE-89
SQL Injection
|
CVE-2020-16277
|
2024-11-21 14:07 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210224
|
8.8 |
HIGH
Network
|
carson-saint
|
saint_security_suite
|
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
|
CWE-89
SQL Injection
|
CVE-2020-16276
|
2024-11-21 14:07 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210225
|
6.1 |
MEDIUM
Network
|
carson-saint
|
saint_security_suite
|
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-16275
|
2024-11-21 14:07 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210226
|
5.8 |
MEDIUM
Network
|
prometheus
|
blackbox_exporter
|
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerab…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-16248
|
2024-11-21 14:07 |
2020-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210227
|
8.8 |
HIGH
Network
|
sophos
|
xg_firewall_firmware
|
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.
|
CWE-78
OS Command
|
CVE-2020-17352
|
2024-11-21 14:07 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210228
|
7.5 |
HIGH
Network
|
golang
opensuse
debian
fedoraproject
|
go
leap
debian_linux
fedora
|
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-16845
|
2024-11-21 14:07 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210229
|
7.4 |
HIGH
Network
|
nlnetlabs
|
routinator
|
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-17366
|
2024-11-21 14:07 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210230
|
6.1 |
MEDIUM
Network
|
chartkick_project
|
chartkick
|
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
|
CWE-74
Injection
|
CVE-2020-16254
|
2024-11-21 14:07 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
