|
210591
|
8.8 |
HIGH
Network
|
sylius
|
syliusresourcebundle
|
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized pro…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2020-15143
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210592
|
5.4 |
MEDIUM
Network
|
auth0
|
lock
|
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-s…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15119
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210593
|
9.9 |
CRITICAL
Network
|
nodebb
|
nodebb
|
NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially …
|
CWE-287
Improper Authentication
|
CVE-2020-15149
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210594
|
9.1 |
CRITICAL
Network
|
contiki-ng
|
contiki-ng
|
Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified dur…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2020-14937
|
2024-11-21 14:04 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210595
|
9.8 |
CRITICAL
Network
|
contiki-ng
|
contiki-ng
|
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writi…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14936
|
2024-11-21 14:04 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210596
|
9.8 |
CRITICAL
Network
|
contiki-ng
|
contiki-ng
|
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input messa…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14935
|
2024-11-21 14:04 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210597
|
9.8 |
CRITICAL
Network
|
contiki-ng
|
contiki-ng
|
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the c…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14934
|
2024-11-21 14:04 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210598
|
9.1 |
CRITICAL
Network
|
ftp-srv_project
|
ftp-srv
|
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-15152
|
2024-11-21 14:04 |
2020-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210599
|
9.0 |
CRITICAL
Network
|
openapi-python-client_project
|
openapi-python-client
|
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbit…
|
CWE-94
Code Injection
|
CVE-2020-15142
|
2024-11-21 14:04 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210600
|
4.1 |
MEDIUM
Network
|
openapi-python-client_project
|
openapi-python-client
|
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files t…
|
-
|
CVE-2020-15141
|
2024-11-21 14:04 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
