|
196831
|
5.4 |
MEDIUM
Network
|
gistpress_project
|
gistpress
|
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor …
|
CWE-79
Cross-site Scripting
|
CVE-2020-8498
|
2024-11-21 14:38 |
2020-01-31 |
|
196832
|
4.8 |
MEDIUM
Network
|
kronos
|
web_time_and_attendance
|
In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as …
|
CWE-79
Cross-site Scripting
|
CVE-2020-8496
|
2024-11-21 14:38 |
2020-01-31 |
|
196833
|
7.5 |
HIGH
Network
|
kronos
|
web_time_and_attendance
|
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unaut…
|
CWE-862
Missing Authorization
|
CVE-2020-8495
|
2024-11-21 14:38 |
2020-01-31 |
|
196834
|
8.8 |
HIGH
Network
|
kronos
|
web_time_and_attendance
|
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privil…
|
NVD-CWE-noinfo
|
CVE-2020-8494
|
2024-11-21 14:38 |
2020-01-31 |
|
196835
|
4.8 |
MEDIUM
Network
|
kronos
|
web_time_and_attendance
|
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instruction…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8493
|
2024-11-21 14:38 |
2020-01-31 |
|
196836
|
5.5 |
MEDIUM
Local
|
bitdefender
|
total_security_2020
|
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to trigger a denial of service on the affected device.
|
CWE-20
Improper Input Validation
|
CVE-2020-8095
|
2024-11-21 14:38 |
2020-01-31 |
|
196837
|
6.5 |
MEDIUM
Network
|
python opensuse canonical fedoraproject debian
|
python leap ubuntu_linux fedora debian_linux
|
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks agains…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8492
|
2024-11-21 14:38 |
2020-01-31 |
|
196838
|
7.8 |
HIGH
Local
|
bitdefender
|
antivirus
|
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using a DYLD environment variable to cause third-party code execution.
|
CWE-74
Injection
|
CVE-2020-8093
|
2024-11-21 14:38 |
2020-01-31 |
|
196839
|
5.5 |
MEDIUM
Local
|
bitdefender
|
antivirus
|
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. Thi…
|
CWE-269
Improper Privilege Management
|
CVE-2020-8092
|
2024-11-21 14:38 |
2020-01-31 |
|
196840
|
5.5 |
MEDIUM
Local
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written direc…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-8448
|
2024-11-21 14:38 |
2020-01-30 |