|
198641
|
7.5 |
HIGH
Network
|
puppet
|
puppet_server puppetdb puppet_enterprise
|
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource na…
|
NVD-CWE-noinfo
|
CVE-2020-7943
|
2024-11-21 14:38 |
2020-03-12 |
|
198642
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_desktop_central
|
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side reques…
|
CWE-611 CWE-918
XXE Server-Side Request Forgery (SSRF)
|
CVE-2020-8540
|
2024-11-21 14:38 |
2020-03-12 |
|
198643
|
6.5 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit UR…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2020-8439
|
2024-11-21 14:38 |
2020-03-7 |
|
198644
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
|
CWE-269
Improper Privilege Management
|
CVE-2020-8113
|
2024-11-21 14:38 |
2020-03-7 |
|
198645
|
8.8 |
HIGH
Network
|
phpipam
|
phpipam
|
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and function…
|
CWE-352
Origin Validation Error
|
CVE-2020-7988
|
2024-11-21 14:38 |
2020-03-5 |
|
198646
|
7.5 |
HIGH
Network
|
bittorrent
|
utorrent
|
The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-8437
|
2024-11-21 14:38 |
2020-03-3 |
|
198647
|
2.5 |
LOW
Local
|
suse opensuse
|
linux_enterprise_server leap
|
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for spe…
|
-
|
CVE-2020-8013
|
2024-11-21 14:38 |
2020-03-3 |
|
198648
|
7.2 |
HIGH
Network
|
artica
|
pandora_fms
|
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-8500
|
2024-11-21 14:38 |
2020-03-3 |
|
198649
|
9.8 |
CRITICAL
Network
|
pdf-image_project
|
pdf-image
|
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
|
CWE-20
Improper Input Validation
|
CVE-2020-8132
|
2024-11-21 14:38 |
2020-02-29 |
|
198650
|
6.1 |
MEDIUM
Network
|
revealjs
|
reveal.js
|
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allows attackers to perform cross-site scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8127
|
2024-11-21 14:38 |
2020-02-29 |