|
209291
|
7.5 |
HIGH
Network
|
miniweb_http_server_project
|
miniweb_http_server
|
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-29596
|
2024-11-21 14:24 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209292
|
4.3 |
MEDIUM
Network
|
atlassian
|
crucible
|
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29447
|
2024-11-21 14:24 |
2020-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209293
|
7.5 |
HIGH
Network
|
golang
|
ssh
|
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-29652
|
2024-11-21 14:24 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209294
|
7.2 |
HIGH
Network
|
pluck-cms
|
pluck
|
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remo…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29607
|
2024-11-21 14:24 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209295
|
9.1 |
CRITICAL
Network
|
icinga
|
icinga
|
Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-29663
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209296
|
7.5 |
HIGH
Network
|
xen
|
xapi
|
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and da…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-29487
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209297
|
5.5 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. Th…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-29485
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209298
|
6.2 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-29570
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209299
|
6.0 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run an…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-29486
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209300
|
6.0 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore …
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-29484
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
