|
213641
|
6.5 |
MEDIUM
Network
|
tendermint
|
tendermint
|
TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-15091
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213642
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6
|
CWE-79
Cross-site Scripting
|
CVE-2020-15083
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213643
|
8.8 |
HIGH
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6
|
NVD-CWE-Other
|
CVE-2020-15082
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213644
|
5.3 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.p…
|
CWE-200
Information Exposure
|
CVE-2020-15081
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213645
|
5.3 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible…
|
CWE-862
Missing Authorization
|
CVE-2020-15080
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213646
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
|
NVD-CWE-noinfo
|
CVE-2020-15079
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213647
|
8.8 |
HIGH
Network
|
factorfx
|
open_computer_software_inventory_next_generation
|
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandl…
|
CWE-78
OS Command
|
CVE-2020-14947
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213648
|
8.8 |
HIGH
Network
|
squid-cache
fedoraproject
|
squid
fedora
|
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-15049
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213649
|
8.8 |
HIGH
Network
|
prestosql
|
presto
|
In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication conf…
|
NVD-CWE-Other
|
CVE-2020-15087
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213650
|
6.1 |
MEDIUM
Local
|
mirumee
|
saleor
|
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with…
|
-
|
CVE-2020-15085
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
