|
196831
|
9.8 |
CRITICAL
Network
|
nanopb_project
|
nanopb
|
There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated s…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-5235
|
2024-11-21 14:33 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196832
|
6.5 |
MEDIUM
Network
|
cmsjunkie
|
j-businessdirectory
|
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="n…
|
CWE-269
Improper Privilege Management
|
CVE-2020-5182
|
2024-11-21 14:33 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196833
|
6.5 |
MEDIUM
Network
|
messagepack
|
messagepack
|
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Secur…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-5234
|
2024-11-21 14:33 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196834
|
8.7 |
HIGH
Network
|
ens.domains
|
ethereum_name_service
|
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is …
|
NVD-CWE-Other
|
CVE-2020-5232
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196835
|
6.5 |
MEDIUM
Network
|
apereo
|
opencast
|
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role i…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5231
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196836
|
10.0 |
CRITICAL
Network
|
apereo
|
opencast
|
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect giv…
|
CWE-287
Improper Authentication
|
CVE-2020-5206
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196837
|
8.8 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-5222
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196838
|
7.5 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes use…
|
CWE-74
Injection
|
CVE-2020-5230
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196839
|
8.1 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causi…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-5229
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196840
|
7.5 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active u…
|
CWE-862
Missing Authorization
|
CVE-2020-5228
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
