| 209521 | 7.8 | HIGH Local | chocolatey | boxstarter | The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged use… | - | CVE-2020-15264 | 2024-11-21 14:05 | 2020-10-21 |
| 209522 | 6.7 | MEDIUM Local | veyon | veyon | On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables wit… | - | CVE-2020-15261 | 2024-11-21 14:05 | 2020-10-20 |
| 209523 | 9.8 | CRITICAL Network | object-path_project | object-path | A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is u… | NVD-CWE-Other | CVE-2020-15256 | 2024-11-21 14:05 | 2020-10-20 |
| 209524 | 4.3 | MEDIUM Network | sylius | sylius | In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This ma… | CWE-862 Missing Authorization | CVE-2020-15245 | 2024-11-21 14:05 | 2020-10-20 |
| 209525 | 7.3 | HIGH Local | anuko | time_tracker | In Anuko Time Tracker before version 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for exampl… | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2020-15255 | 2024-11-21 14:05 | 2020-10-17 |
| 209526 | 8.8 | HIGH Network | xwiki | xwiki | In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantia… | CWE-74 Injection | CVE-2020-15252 | 2024-11-21 14:05 | 2020-10-17 |
| 209527 | 8.0 | HIGH Network | wire | wire | In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victim's machine by sending messages containing links with a… | - | CVE-2020-15258 | 2024-11-21 14:05 | 2020-10-17 |
| 209528 | 9.8 | CRITICAL Network | crossbeam_project | crossbeam | Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that is the same as th… | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2020-15254 | 2024-11-21 14:05 | 2020-10-17 |
| 209529 | 4.8 | MEDIUM Network | grocy | grocy | Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries,… | - | CVE-2020-15253 | 2024-11-21 14:05 | 2020-10-15 |
| 209530 | 9.3 | CRITICAL Network | sylabs opensuse | singularity leap backports_sle | Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`,… | - | CVE-2020-15229 | 2024-11-21 14:05 | 2020-10-15 |