|
201141
|
4.3 |
MEDIUM
Network
|
zeit
|
next.js
|
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the…
|
CWE-22
Path Traversal
|
CVE-2020-5284
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201142
|
8.1 |
HIGH
Network
|
sensiolabs
|
symfony
|
In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides …
|
CWE-863
Incorrect Authorization
|
CVE-2020-5275
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201143
|
5.4 |
MEDIUM
Network
|
sensiolabs
|
symfony
|
In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-5274
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201144
|
4.3 |
MEDIUM
Network
|
sensiolabs
|
symfony
|
In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the r…
|
CWE-20
Improper Input Validation
|
CVE-2020-5255
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201145
|
7.5 |
HIGH
Network
|
sonicwall
|
sma1000_firmware
|
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA100…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-5129
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201146
|
4.8 |
MEDIUM
Network
|
emc
|
rsa_authentication_manager
|
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5340
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201147
|
4.8 |
MEDIUM
Network
|
emc
|
rsa_authentication_manager
|
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5339
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201148
|
9.8 |
CRITICAL
Network
|
nick_chan_bot_project
|
nick_chan_bot
|
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot Thi…
|
CWE-78
OS Command
|
CVE-2020-5282
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201149
|
5.4 |
MEDIUM
Network
|
prestashop
|
faceted_search_module
|
PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. The problem is fixed in 3.5.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5277
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201150
|
7.5 |
HIGH
Network
|
cesnet
|
perun
|
In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-5281
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
