|
211841
|
6.1 |
MEDIUM
Network
|
owasp
|
json-sanitizer
|
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as Ja…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13973
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211842
|
6.1 |
MEDIUM
Network
|
roundcube
debian
fedoraproject
|
webmail
debian_linux
fedora
|
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13965
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211843
|
6.1 |
MEDIUM
Network
|
roundcube
fedoraproject
debian
|
webmail
fedora
debian_linux
|
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13964
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211844
|
7.5 |
HIGH
Network
|
mumble
qt
fedoraproject
opensuse
|
mumble
qt
fedora
leap
|
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors le…
|
NVD-CWE-noinfo
|
CVE-2020-13962
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211845
|
7.5 |
HIGH
Network
|
dlink
|
dsl-2730u_firmware
dir-600m_firmware
|
D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (a…
|
NVD-CWE-noinfo
|
CVE-2020-13960
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211846
|
7.8 |
HIGH
Local
|
citrix
|
workspace_app
|
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13885
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211847
|
7.8 |
HIGH
Local
|
citrix
|
workspace_app
|
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13884
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211848
|
7.8 |
HIGH
Local
|
qbik
|
wingate
|
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-13866
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211849
|
7.3 |
HIGH
Local
|
solarwinds
|
advanced_monitoring_agent
|
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-13912
|
2024-11-21 14:02 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211850
|
9.1 |
CRITICAL
Network
|
pengutronix
|
barebox
|
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds che…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13910
|
2024-11-21 14:02 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
