|
211241
|
7.5 |
HIGH
Network
|
zeromq
fedoraproject
debian
|
libzmq
fedora
debian_linux
|
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con…
|
-
|
CVE-2020-15166
|
2024-11-21 14:04 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211242
|
7.0 |
HIGH
Network
|
ctrip
|
apollo
|
apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet(which is not recommended), there are potential security issues since apoll…
|
NVD-CWE-Other
|
CVE-2020-15170
|
2024-11-21 14:04 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211243
|
5.3 |
MEDIUM
Network
|
node-fetch_project
|
node-fetch
|
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get throw…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-15168
|
2024-11-21 14:04 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211244
|
8.2 |
HIGH
Network
|
linuxfoundation
|
the_update_framework
|
Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This al…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-15163
|
2024-11-21 14:04 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211245
|
8.6 |
HIGH
Local
|
johnkerl
|
miller
|
In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc`…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-15167
|
2024-11-21 14:04 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211246
|
8.8 |
HIGH
Network
|
sensiolabs
fedoraproject
|
httpclient
symfony
fedora
|
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X…
|
-
|
CVE-2020-15094
|
2024-11-21 14:04 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211247
|
9.8 |
CRITICAL
Network
|
duffel
|
paginator
|
There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially aff…
|
-
|
CVE-2020-15150
|
2024-11-21 14:04 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211248
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15020
|
2024-11-21 14:04 |
2020-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211249
|
7.6 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script f…
|
-
|
CVE-2020-15159
|
2024-11-21 14:04 |
2020-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211250
|
7.3 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. Th…
|
-
|
CVE-2020-15155
|
2024-11-21 14:04 |
2020-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
