|
210321
|
9.8 |
CRITICAL
Network
|
we-com
|
municipality_portal_cms
|
SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field.
|
CWE-89
SQL Injection
|
CVE-2020-15539
|
2024-11-21 14:05 |
2020-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210322
|
6.1 |
MEDIUM
Network
|
we-com
|
municipality_portal_cms
|
XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15538
|
2024-11-21 14:05 |
2020-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210323
|
6.1 |
MEDIUM
Network
|
vanguard_project
|
vanguard
|
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15537
|
2024-11-21 14:05 |
2020-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210324
|
6.1 |
MEDIUM
Network
|
online_hotel_booking_system_project
|
online_hotel_booking_system
|
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15536
|
2024-11-21 14:05 |
2020-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210325
|
6.1 |
MEDIUM
Network
|
bestsoftinc
|
car_rental_system
|
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15535
|
2024-11-21 14:05 |
2020-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210326
|
7.5 |
HIGH
Network
|
wireshark
opensuse
debian
|
wireshark
leap
debian_linux
|
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-15466
|
2024-11-21 14:05 |
2020-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210327
|
7.8 |
HIGH
Local
|
valvesoftware
|
steam_client
|
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAM…
|
CWE-362
Race Condition
|
CVE-2020-15530
|
2024-11-21 14:05 |
2020-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210328
|
7.8 |
HIGH
Local
|
gog
|
galaxy
|
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak fil…
|
CWE-667
CWE-732
Improper Locking
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15529
|
2024-11-21 14:05 |
2020-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210329
|
7.8 |
HIGH
Local
|
gog
|
galaxy
|
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity che…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15528
|
2024-11-21 14:05 |
2020-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210330
|
7.8 |
HIGH
Local
|
python
netapp
|
python
snapcenter
|
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native appl…
|
CWE-427
CWE-908
Uncontrolled Search Path Element
Use of Uninitialized Resource
|
CVE-2020-15523
|
2024-11-21 14:05 |
2020-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
