|
197851
|
5.5 |
MEDIUM
Local
|
easybuild_project
|
easybuild
|
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuil…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-5262
|
2024-11-21 14:33 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197852
|
8.5 |
HIGH
Network
|
labdigital
|
wagtail-2fa
|
In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The user does not require special permissions in order to do so.…
|
CWE-863
Incorrect Authorization
|
CVE-2020-5240
|
2024-11-21 14:33 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197853
|
8.1 |
HIGH
Network
|
thoughtbot
|
administrate
|
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present …
|
CWE-89
SQL Injection
|
CVE-2020-5257
|
2024-11-21 14:33 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197854
|
9.8 |
CRITICAL
Network
|
fatfreeframework
|
fat-free_framework
|
In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method.
|
CWE-94
CWE-20
Code Injection
Improper Input Validation
|
CVE-2020-5203
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197855
|
8.6 |
HIGH
Network
|
linuxfoundation
|
dojox
|
In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language co…
|
CWE-74
Injection
|
CVE-2020-5259
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197856
|
7.7 |
HIGH
Network
|
linuxfoundation
debian
oracle
|
dojo
debian_linux
webcenter_sites
primavera_unifier
communications_policy_management
weblogic_server
mysql
communications_pricing_design_center
documaker
communications_app…
|
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language …
|
-
|
CVE-2020-5258
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197857
|
8.1 |
HIGH
Network
|
nethack
|
nethack
|
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-5254
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197858
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
|
CWE-269
Improper Privilege Management
|
CVE-2020-5253
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197859
|
7.8 |
HIGH
Local
|
dell
|
digital_delivery
|
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5342
|
2024-11-21 14:33 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197860
|
8.8 |
HIGH
Network
|
bookstackapp
|
bookstack
|
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-5256
|
2024-11-21 14:33 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
