| 209511 | 9.6 | CRITICAL | Network | git-tag-annotation-action_project | git-tag-annotation-action | In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to… | - | CVE-2020-15272 | 2024-11-21 14:05 | 2020-10-27 |
| 209512 | 8.8 | HIGH | Network | lookatme_project | lookatme | In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown … | CWE-78 OS Command | CVE-2020-15271 | 2024-11-21 14:05 | 2020-10-27 |
| 209513 | 4.3 | MEDIUM | Network | parseplatform | parse-server | Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription object… | CWE-672 Operation on a Resource after Expiration or Release | CVE-2020-15270 | 2024-11-21 14:05 | 2020-10-23 |
| 209514 | 7.5 | HIGH | Network | google | tensorflow | In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Atte… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2020-15266 | 2024-11-21 14:05 | 2020-10-22 |
| 209515 | 7.5 | HIGH | Network | google | tensorflow | In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tens… | - | CVE-2020-15265 | 2024-11-21 14:05 | 2020-10-22 |
| 209516 | 7.2 | HIGH | Network | openmage | magento | In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through prod… | CWE-502 Deserialization of Untrusted Data | CVE-2020-15244 | 2024-11-21 14:05 | 2020-10-22 |
| 209517 | 9.1 | CRITICAL | Network | sparksolutions | spree | In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround wit… | CWE-613 Insufficient Session Expiration | CVE-2020-15269 | 2024-11-21 14:05 | 2020-10-21 |
| 209518 | 9.1 | CRITICAL | Network | auth0 | omniauth-auth0 | omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can al… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2020-15240 | 2024-11-21 14:05 | 2020-10-22 |
| 209519 | 6.1 | MEDIUM | Network | orchid | platform | In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.… | - | CVE-2020-15263 | 2024-11-21 14:05 | 2020-10-20 |
| 209520 | 3.7 | LOW | Network | webpack-subresource-integrity_project | webpack-subresource-integrity | In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their … | CWE-345 Insufficient Verification of Data Authenticity | CVE-2020-15262 | 2024-11-21 14:05 | 2020-10-20 |