|
212941
|
6.1 |
MEDIUM
Network
|
getgrav
|
grav
|
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
|
CWE-601
Open Redirect
|
CVE-2020-11529
|
2024-11-21 13:58 |
2020-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212942
|
7.5 |
HIGH
Network
|
bit2spr_project
|
bit2spr
|
bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11528
|
2024-11-21 13:58 |
2020-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212943
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_opmanager
|
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
|
NVD-CWE-noinfo
|
CVE-2020-11527
|
2024-11-21 13:58 |
2020-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212944
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_adselfservice_plus
|
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
|
NVD-CWE-noinfo
|
CVE-2020-11518
|
2024-11-21 13:58 |
2020-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212945
|
7.4 |
HIGH
Network
|
gnu
debian
opensuse
canonical
fedoraproject
|
gnutls
debian_linux
leap
ubuntu_linux
fedora
|
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' by…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-11501
|
2024-11-21 13:58 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212946
|
7.5 |
HIGH
Network
|
zoom
|
meetings
|
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-11500
|
2024-11-21 13:58 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212947
|
6.1 |
MEDIUM
Network
|
firmware_analysis_and_comparison_tool_project
|
firmware_analysis_and_comparison_tool
|
Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFuncti…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11499
|
2024-11-21 13:58 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212948
|
8.8 |
HIGH
Network
|
slack
|
nebula
|
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can…
|
CWE-22
Path Traversal
|
CVE-2020-11498
|
2024-11-21 13:58 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212949
|
4.4 |
MEDIUM
Local
|
linux
opensuse
debian
canonical
|
linux_kernel
leap
debian_linux
ubuntu_linux
|
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive infor…
|
CWE-908
CWE-909
Use of Uninitialized Resource
Missing Initialization of Resource
|
CVE-2020-11494
|
2024-11-21 13:58 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212950
|
4.9 |
MEDIUM
Network
|
zevenet
|
zen_load_balancer
|
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.
|
CWE-22
Path Traversal
|
CVE-2020-11491
|
2024-11-21 13:58 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
