|
199481
|
5.4 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29003
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199482
|
4.8 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29002
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199483
|
9.8 |
CRITICAL
Network
|
gitea
|
gitea
|
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_…
|
NVD-CWE-noinfo
|
CVE-2020-28991
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199484
|
9.8 |
CRITICAL
Network
|
spip
debian
|
spip
debian_linux
|
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
|
NVD-CWE-noinfo
|
CVE-2020-28984
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199485
|
6.1 |
MEDIUM
Network
|
magicpin
|
magicpin
|
There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28927
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199486
|
5.3 |
MEDIUM
Network
|
neomutt
mutt
debian
|
neomutt
mutt
debian_linux
|
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and t…
|
CWE-287
CWE-755
Improper Authentication
Improper Handling of Exceptional Conditions
|
CVE-2020-28896
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199487
|
9.8 |
CRITICAL
Network
|
winscp
|
winscp
|
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-28864
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199488
|
7.5 |
HIGH
Network
|
scikit-learn
|
scikit-learn
|
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced…
|
NVD-CWE-noinfo
|
CVE-2020-28975
|
2024-11-21 14:23 |
2020-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199489
|
7.8 |
HIGH
Local
|
netskope
|
netskope
|
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-28845
|
2024-11-21 14:23 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199490
|
5.0 |
MEDIUM
Physics
|
linux
debian
|
linux_kernel
debian_linux
|
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-28974
|
2024-11-21 14:23 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
