| 199741 | 5.3 | MEDIUM Network | p11-kit_project | p11-kit | An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When… | CWE-125 Out-of-bounds Read | CVE-2020-29362 | 2024-11-21 14:23 | 2020-12-16 |
| 199742 | 7.5 | HIGH Network | p11-kit_project debian | p11-kit debian_linux | An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow… | CWE-190 Integer Overflow or Wraparound | CVE-2020-29361 | 2024-11-21 14:23 | 2020-12-16 |
| 199743 | 6.1 | MEDIUM Network | directoriespro | directories_pro | A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a s… | CWE-79 Cross-site Scripting | CVE-2020-29304 | 2024-11-21 14:23 | 2020-12-15 |
| 199744 | 6.1 | MEDIUM Network | directoriespro | directories_pro | A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php… | CWE-79 Cross-site Scripting | CVE-2020-29303 | 2024-11-21 14:23 | 2020-12-15 |
| 199745 | 5.3 | MEDIUM Network | openasset | digital_asset_management | OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sens… | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2020-28861 | 2024-11-21 14:23 | 2020-12-15 |
| 199746 | 8.8 | HIGH Network | openasset | digital_asset_management | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection. | CWE-89 SQL Injection | CVE-2020-28860 | 2024-11-21 14:23 | 2020-12-15 |
| 199747 | 6.1 | MEDIUM Network | openasset | digital_asset_management | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks. | CWE-79 Cross-site Scripting | CVE-2020-28859 | 2024-11-21 14:23 | 2020-12-15 |
| 199748 | 8.8 | HIGH Network | openasset | digital_asset_management | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forger… | CWE-352 Origin Validation Error | CVE-2020-28858 | 2024-11-21 14:23 | 2020-12-15 |
| 199749 | 6.1 | MEDIUM Network | openasset | digital_asset_management | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks. | CWE-79 Cross-site Scripting | CVE-2020-28857 | 2024-11-21 14:23 | 2020-12-15 |
| 199750 | 7.5 | HIGH Network | openasset | digital_asset_management | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by… | CWE-290 Authentication Bypass by Spoofing | CVE-2020-28856 | 2024-11-21 14:23 | 2020-12-15 |