|
197221
|
8.1 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causi…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-5229
|
2024-11-21 14:33 |
2020-01-31 |
|
197222
|
7.5 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active u…
|
CWE-862
Missing Authorization
|
CVE-2020-5228
|
2024-11-21 14:33 |
2020-01-31 |
|
197223
|
6.1 |
MEDIUM
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
|
CWE-601
Open Redirect
|
CVE-2020-5233
|
2024-11-21 14:33 |
2020-01-31 |
|
197224
|
7.5 |
HIGH
Network
|
feedgen_project
|
feedgen
|
Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed …
|
CWE-776
XML Entity Expansion
|
CVE-2020-5227
|
2024-11-21 14:33 |
2020-01-29 |
|
197225
|
7.5 |
HIGH
Network
|
google
|
tensorflow
|
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the gra…
|
CWE-20
Improper Input Validation
|
CVE-2020-5215
|
2024-11-21 14:33 |
2020-01-29 |
|
197226
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escala…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5211
|
2024-11-21 14:33 |
2020-01-29 |
|
197227
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects syst…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5214
|
2024-11-21 14:33 |
2020-01-29 |
|
197228
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerabilit…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5213
|
2024-11-21 14:33 |
2020-01-29 |
|
197229
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulne…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5212
|
2024-11-21 14:33 |
2020-01-29 |
|
197230
|
7.8 |
HIGH
Local
|
nethack
|
nethack
|
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects s…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5210
|
2024-11-21 14:33 |
2020-01-29 |