|
199211
|
5.4 |
MEDIUM
Network
|
totemo
|
totemomail
|
An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-7918
|
2024-11-21 14:38 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199212
|
7.7 |
HIGH
Network
|
puppet
|
continuous_delivery
|
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analy…
|
CWE-200
Information Exposure
|
CVE-2020-7944
|
2024-11-21 14:38 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199213
|
7.2 |
HIGH
Network
|
artica
|
pandora_fms
|
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-8511
|
2024-11-21 14:38 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199214
|
7.2 |
HIGH
Network
|
artica
|
pandora_fms
|
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or us…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-7935
|
2024-11-21 14:38 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199215
|
5.3 |
MEDIUM
Network
|
artica
|
pandora_fms
|
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-8497
|
2024-11-21 14:38 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199216
|
6.7 |
MEDIUM
Local
|
nextcloud
|
desktop
|
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.
|
CWE-94
Code Injection
|
CVE-2020-8140
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199217
|
6.5 |
MEDIUM
Network
|
nextcloud
fedoraproject
|
nextcloud_server
fedora
|
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.
|
CWE-862
Missing Authorization
|
CVE-2020-8139
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199218
|
6.5 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar U…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8138
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199219
|
9.8 |
CRITICAL
Network
|
blamer_project
|
blamer
|
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.
|
CWE-94
Code Injection
|
CVE-2020-8137
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199220
|
7.5 |
HIGH
Network
|
fastify
|
fastify-multipart
|
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8136
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
