|
209731
|
5.9 |
MEDIUM
Network
|
golang
cloudfoundry
debian
opensuse
fedoraproject
|
go
cf-deployment
routing-release
debian_linux
leap
fedora
|
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the…
|
CWE-362
Race Condition
|
CVE-2020-15586
|
2024-11-21 14:05 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209732
|
7.5 |
HIGH
Network
|
trendmicro
|
antivirus\+_2020
internet_security_2020
maximum_security_2020
premium_security_2020
|
An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a syste…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-15603
|
2024-11-21 14:05 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209733
|
5.6 |
MEDIUM
Network
|
ajv.js
|
ajv
|
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype polluti…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-15366
|
2024-11-21 14:05 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209734
|
7.8 |
HIGH
Local
|
trendmicro
|
antivirus\+_2020
internet_security_2020
maximum_security_2020
premium_security_2020
|
An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code o…
|
CWE-426
Untrusted Search Path
|
CVE-2020-15602
|
2024-11-21 14:05 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209735
|
7.5 |
HIGH
Network
|
torproject
|
tor
|
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-15572
|
2024-11-21 14:05 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209736
|
9.8 |
CRITICAL
Network
|
sophos
|
xg_firewall_firmware
|
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the r…
|
CWE-89
SQL Injection
|
CVE-2020-15504
|
2024-11-21 14:05 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209737
|
6.1 |
MEDIUM
Network
|
king-theme
|
kingcomposer
|
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX req…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15299
|
2024-11-21 14:05 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209738
|
5.9 |
MEDIUM
Network
|
red-gate
|
sql_monitor
|
In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifica…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15526
|
2024-11-21 14:05 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209739
|
6.5 |
MEDIUM
Network
|
cmsuno_project
|
cmsuno
|
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
|
CWE-352
Origin Validation Error
|
CVE-2020-15600
|
2024-11-21 14:05 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209740
|
6.1 |
MEDIUM
Network
|
victor_cms_project
|
victor_cms
|
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15599
|
2024-11-21 14:05 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
