|
210921
|
4.9 |
MEDIUM
Network
|
nagios
fedoraproject
|
nagios
fedora
|
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of t…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2020-13977
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210922
|
8.8 |
HIGH
Network
|
dd-wrt
|
dd-wrt
|
An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation…
|
CWE-78
OS Command
|
CVE-2020-13976
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210923
|
7.8 |
HIGH
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-13974
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210924
|
6.1 |
MEDIUM
Network
|
owasp
|
json-sanitizer
|
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as Ja…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13973
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210925
|
6.1 |
MEDIUM
Network
|
roundcube
debian
fedoraproject
|
webmail
debian_linux
fedora
|
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13965
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210926
|
6.1 |
MEDIUM
Network
|
roundcube
fedoraproject
debian
|
webmail
fedora
debian_linux
|
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13964
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210927
|
7.5 |
HIGH
Network
|
mumble
qt
fedoraproject
opensuse
|
mumble
qt
fedora
leap
|
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors le…
|
NVD-CWE-noinfo
|
CVE-2020-13962
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210928
|
7.5 |
HIGH
Network
|
dlink
|
dsl-2730u_firmware
dir-600m_firmware
|
D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (a…
|
NVD-CWE-noinfo
|
CVE-2020-13960
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210929
|
7.8 |
HIGH
Local
|
citrix
|
workspace_app
|
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13885
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210930
|
7.8 |
HIGH
Local
|
citrix
|
workspace_app
|
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13884
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
