|
198751
|
8.1 |
HIGH
Network
|
getgrav
|
grav_cms
|
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vuln…
|
CWE-22
Path Traversal
|
CVE-2020-29555
|
2024-11-21 14:24 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198752
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_control_plus
|
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.
|
NVD-CWE-noinfo
|
CVE-2020-29658
|
2024-11-21 14:24 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198753
|
5.3 |
MEDIUM
Network
|
atlassian
|
data_center
jira_server
jira_data_center
|
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attacker…
|
CWE-22
Path Traversal
|
CVE-2020-29453
|
2024-11-21 14:24 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198754
|
5.3 |
MEDIUM
Network
|
atlassian
|
confluence_server
confluence_data_center
|
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated r…
|
NVD-CWE-noinfo
|
CVE-2020-29448
|
2024-11-21 14:24 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198755
|
7.8 |
HIGH
Local
|
dji
|
mavic_2_firmware
|
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.
|
CWE-78
OS Command
|
CVE-2020-29664
|
2024-11-21 14:24 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198756
|
4.4 |
MEDIUM
Local
|
opcfoundation
|
ua-.netstandard
|
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-29457
|
2024-11-21 14:24 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198757
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira
data_center
jira_server
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The a…
|
NVD-CWE-noinfo
|
CVE-2020-29451
|
2024-11-21 14:24 |
2021-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198758
|
5.3 |
MEDIUM
Network
|
jetbrains
oracle
|
kotlin
communications_cloud_native_core_network_slice_selection_function
communications_cloud_native_core_policy
communications_cloud_native_core_service_communication_proxy
|
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permis…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-29582
|
2024-11-21 14:24 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198759
|
5.3 |
MEDIUM
Network
|
linuxfoundation
|
harbor
|
In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-29662
|
2024-11-21 14:24 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198760
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-825_r1_firmware
|
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-29557
|
2024-11-21 14:24 |
2021-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
