|
197881
|
8.8 |
HIGH
Network
|
1up
|
oneupuploaderbundle
|
Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to…
|
CWE-22
Path Traversal
|
CVE-2020-5237
|
2024-11-21 14:33 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197882
|
8.8 |
HIGH
Network
|
ipmitool_project
debian
fedoraproject
opensuse
|
ipmitool
debian_linux
fedora
leap
|
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote co…
|
-
|
CVE-2020-5208
|
2024-11-21 14:33 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197883
|
6.5 |
MEDIUM
Network
|
agendaless
|
waitress
|
Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regula…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-5236
|
2024-11-21 14:33 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197884
|
9.8 |
CRITICAL
Network
|
nanopb_project
|
nanopb
|
There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated s…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-5235
|
2024-11-21 14:33 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197885
|
6.5 |
MEDIUM
Network
|
cmsjunkie
|
j-businessdirectory
|
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="n…
|
CWE-269
Improper Privilege Management
|
CVE-2020-5182
|
2024-11-21 14:33 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197886
|
6.5 |
MEDIUM
Network
|
messagepack
|
messagepack
|
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Secur…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-5234
|
2024-11-21 14:33 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197887
|
8.7 |
HIGH
Network
|
ens.domains
|
ethereum_name_service
|
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is …
|
NVD-CWE-Other
|
CVE-2020-5232
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197888
|
6.5 |
MEDIUM
Network
|
apereo
|
opencast
|
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role i…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5231
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197889
|
10.0 |
CRITICAL
Network
|
apereo
|
opencast
|
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect giv…
|
CWE-287
Improper Authentication
|
CVE-2020-5206
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197890
|
8.8 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-5222
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
