|
210141
|
8.1 |
HIGH
Network
|
liferay
|
liferay_portal
dxp
|
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serial…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-15842
|
2024-11-21 14:06 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210142
|
8.8 |
HIGH
Network
|
liferay
|
liferay_portal
dxp
|
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attacke…
|
NVD-CWE-noinfo
|
CVE-2020-15841
|
2024-11-21 14:06 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210143
|
8.8 |
HIGH
Network
|
westerndigital
|
wd_discovery
|
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection …
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-15816
|
2024-11-21 14:06 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210144
|
6.5 |
MEDIUM
Network
|
gnu
|
libredwg
|
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-15807
|
2024-11-21 14:06 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210145
|
8.1 |
HIGH
Network
|
graylog
|
graylog
|
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15813
|
2024-11-21 14:06 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210146
|
6.1 |
MEDIUM
Network
|
zabbix
fedoraproject
debian
opensuse
|
zabbix
fedora
debian_linux
leap
backports
|
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15803
|
2024-11-21 14:06 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210147
|
9.8 |
CRITICAL
Network
|
python
netapp
|
python
max_data
|
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file)…
|
CWE-426
Untrusted Search Path
|
CVE-2020-15801
|
2024-11-21 14:06 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210148
|
6.7 |
MEDIUM
Local
|
linux
opensuse
canonical
|
linux_kernel
leap
ubuntu_linux
|
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot…
|
CWE-862
Missing Authorization
|
CVE-2020-15780
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210149
|
7.5 |
HIGH
Network
|
socket.io-file_project
|
socket.io-file
|
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir an…
|
CWE-22
Path Traversal
|
CVE-2020-15779
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210150
|
6.1 |
MEDIUM
Network
|
rosariosis
|
rosariosis
|
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inac…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15718
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
