|
210121
|
5.4 |
MEDIUM
Network
|
django_two-factor_authentication_project
|
django_two-factor_authentication
|
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-15105
|
2024-11-21 14:04 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210122
|
8.6 |
HIGH
Network
|
amazon
|
tough
|
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumve…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-15093
|
2024-11-21 14:04 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210123
|
4.8 |
MEDIUM
Network
|
northwestern
|
timelinejs
|
In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whethe…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15092
|
2024-11-21 14:04 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210124
|
5.3 |
MEDIUM
Adjacent
|
yubico
|
yubikey_5_nfc_firmware
|
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is …
|
CWE-862
Missing Authorization
|
CVE-2020-15001
|
2024-11-21 14:04 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210125
|
5.9 |
MEDIUM
Network
|
yubico
|
yubikey_5_nfc_firmware
|
A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but…
|
NVD-CWE-Other
|
CVE-2020-15000
|
2024-11-21 14:04 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210126
|
5.4 |
MEDIUM
Network
|
phplist
|
phplist
|
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists se…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15073
|
2024-11-21 14:04 |
2020-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210127
|
8.8 |
HIGH
Network
|
phplist
|
phplist
|
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
|
CWE-89
SQL Injection
|
CVE-2020-15072
|
2024-11-21 14:04 |
2020-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210128
|
7.5 |
HIGH
Network
|
connectwise
|
connectwise_automate
|
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate serv…
|
CWE-89
SQL Injection
|
CVE-2020-15008
|
2024-11-21 14:04 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210129
|
4.4 |
MEDIUM
Local
|
npmjs
opensuse
fedoraproject
|
npm
leap
fedora
|
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:…
|
-
|
CVE-2020-15095
|
2024-11-21 14:04 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210130
|
5.4 |
MEDIUM
Network
|
nedi
|
nedi
|
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15035
|
2024-11-21 14:04 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
