| 210191 | 7.2 | HIGH Network | cacti fedoraproject | cacti fedora | A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. | CWE-89 SQL Injection | CVE-2020-14295 | 2024-11-21 14:02 | 2020-06-17 |
| 210192 | 6.5 | MEDIUM Network | zammad | zammad | Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all ticke… | CWE-863 Incorrect Authorization | CVE-2020-14214 | 2024-11-21 14:02 | 2020-06-17 |
| 210193 | 5.4 | MEDIUM Network | zammad | zammad | In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). | CWE-862 Missing Authorization | CVE-2020-14213 | 2024-11-21 14:02 | 2020-06-17 |
| 210194 | 8.8 | HIGH Network | ffmpeg | ffmpeg | FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. | CWE-787 Out-of-bounds Write | CVE-2020-14212 | 2024-11-21 14:02 | 2020-06-17 |
| 210195 | 6.1 | MEDIUM Network | monitorapp | web_application_firewall application_insight_web_application | Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL info… | CWE-79 Cross-site Scripting | CVE-2020-14210 | 2024-11-21 14:02 | 2020-06-17 |
| 210196 | 6.5 | MEDIUM Network | satoshilabs | trezor_model_t_firmware trezor_one_firmware | BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading t… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2020-14199 | 2024-11-21 14:02 | 2020-06-17 |
| 210197 | 8.1 | HIGH Network | fasterxml netapp debian oracle | jackson-databind steelstore_cloud_integrated_storage active_iq_unified_manager debian_linux agile_plm banking_digital_experience communications_instant_messaging_server communica… | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | CWE-502 Deserialization of Untrusted Data | CVE-2020-14195 | 2024-11-21 14:02 | 2020-06-17 |
| 210198 | 7.5 | HIGH Network | jerryscript | jerryscript | An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key … | CWE-125 Out-of-bounds Read | CVE-2020-14163 | 2024-11-21 14:02 | 2020-06-16 |
| 210199 | 8.8 | HIGH Network | connectwise | automate_api | By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL… | CWE-89 SQL Injection | CVE-2020-14159 | 2024-11-21 14:02 | 2020-06-16 |
| 210200 | 8.8 | HIGH Network | openbmc-project | openbmc | user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. | CWE-276 Incorrect Default Permissions | CVE-2020-14156 | 2024-11-21 14:02 | 2020-06-16 |