|
211881
|
9.8 |
CRITICAL
Network
|
apache
|
netbeans
|
To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project.…
|
NVD-CWE-noinfo
|
CVE-2020-11986
|
2024-11-21 13:59 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211882
|
8.8 |
HIGH
Network
|
foxitsoftware
|
phantompdf
reader
|
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12248
|
2024-11-21 13:59 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211883
|
7.1 |
HIGH
Local
|
foxitsoftware
|
phantompdf
reader
|
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-12247
|
2024-11-21 13:59 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211884
|
6.1 |
MEDIUM
Network
|
oscommerce
|
ce_phoenix
|
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2020-12058
|
2024-11-21 13:59 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211885
|
6.1 |
MEDIUM
Physics
|
teamwire
|
teamwire
|
The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12621
|
2024-11-21 13:59 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211886
|
5.4 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12646
|
2024-11-21 13:59 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211887
|
9.8 |
CRITICAL
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-12645
|
2024-11-21 13:59 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211888
|
5.0 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-12644
|
2024-11-21 13:59 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211889
|
4.3 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-12643
|
2024-11-21 13:59 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211890
|
8.8 |
HIGH
Network
|
mitel
|
mivoice_connect
|
A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper renderin…
|
CWE-22
Path Traversal
|
CVE-2020-12456
|
2024-11-21 13:59 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
