|
210921
|
9.1 |
CRITICAL
Network
|
libexif_project debian canonical opensuse
|
libexif debian_linux ubuntu_linux leap
|
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13112
|
2024-11-21 14:00 |
2020-05-22 |
|
210922
|
8.8 |
HIGH
Network
|
centreon
|
centreon
|
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include…
|
CWE-78
OS Command
|
CVE-2020-13252
|
2024-11-21 14:00 |
2020-05-21 |
|
210923
|
8.8 |
HIGH
Network
|
mariadb opensuse fedoraproject
|
connector\/c leap fedora
|
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code s…
|
NVD-CWE-noinfo
|
CVE-2020-13249
|
2024-11-21 14:00 |
2020-05-21 |
|
210924
|
7.8 |
HIGH
Local
|
microweber
|
microweber
|
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User scr…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13241
|
2024-11-21 14:00 |
2020-05-21 |
|
210925
|
7.5 |
HIGH
Network
|
gitea
|
gitea
|
An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another.
|
CWE-667
Improper Locking
|
CVE-2020-13246
|
2024-11-21 14:00 |
2020-05-21 |
|
210926
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mec…
|
CWE-668 CWE-276
Exposure of Resource to Wrong Sphere Incorrect Default Permissions
|
CVE-2020-13240
|
2024-11-21 14:00 |
2020-05-21 |
|
210927
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13239
|
2024-11-21 14:00 |
2020-05-21 |
|
210928
|
6.5 |
MEDIUM
Network
|
cacti fedoraproject
|
cacti fedora
|
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
|
CWE-352
Origin Validation Error
|
CVE-2020-13231
|
2024-11-21 14:00 |
2020-05-20 |
|
210929
|
4.3 |
MEDIUM
Network
|
cacti debian fedoraproject
|
cacti debian_linux fedora
|
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-13230
|
2024-11-21 14:00 |
2020-05-20 |
|
210930
|
5.5 |
MEDIUM
Local
|
kde
|
amarok
|
A remote user can create a specially crafted M3U file (a media playlist file) that, when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continues to waste resources over time,…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-13152
|
2024-11-21 14:00 |
2020-05-20 |