|
200651
|
3.5 |
LOW
Network
|
viewvc
|
viewvc
|
ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5283
|
2024-11-21 14:33 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200652
|
6.5 |
MEDIUM
Network
|
ctfd
|
rctf
|
In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. An attacker team could poten…
|
CWE-384
Session Fixation
|
CVE-2020-5290
|
2024-11-21 14:33 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200653
|
9.8 |
CRITICAL
Network
|
dell
|
idrac7_firmware
idrac8_firmware
idrac9_firmware
|
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulner…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-5344
|
2024-11-21 14:33 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200654
|
8.8 |
HIGH
Network
|
leantime
|
leantime
|
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiali…
|
CWE-89
SQL Injection
|
CVE-2020-5292
|
2024-11-21 14:33 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200655
|
7.8 |
HIGH
Local
|
projectatomic
debian
archlinux
centos
|
bubblewrap
debian_linux
arch_linux
centos
|
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process kee…
|
CWE-269
Improper Privilege Management
|
CVE-2020-5291
|
2024-11-21 14:33 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200656
|
6.5 |
MEDIUM
Network
|
elide
|
elide
|
In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The ad…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-5289
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200657
|
4.3 |
MEDIUM
Network
|
zeit
|
next.js
|
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the…
|
CWE-22
Path Traversal
|
CVE-2020-5284
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200658
|
8.1 |
HIGH
Network
|
sensiolabs
|
symfony
|
In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides …
|
CWE-863
Incorrect Authorization
|
CVE-2020-5275
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200659
|
5.4 |
MEDIUM
Network
|
sensiolabs
|
symfony
|
In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-5274
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200660
|
4.3 |
MEDIUM
Network
|
sensiolabs
|
symfony
|
In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the r…
|
CWE-20
Improper Input Validation
|
CVE-2020-5255
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
