|
210481
|
3.7 |
LOW
Network
|
typo3
|
typo3
|
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enum…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-11063
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210482
|
10.0 |
CRITICAL
Network
|
typo3
|
typo3
|
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modifi…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-11066
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210483
|
7.8 |
HIGH
Local
|
autoswitch_python_virtualenv_project
|
autoswitch_python_virtualenv
|
In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.1…
|
CWE-22
Path Traversal
|
CVE-2020-11073
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210484
|
5.4 |
MEDIUM
Network
|
typo3
|
svg_sanitizer
|
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11070
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210485
|
2.2 |
LOW
Network
|
freerdp
canonical
debian
|
freerdp
ubuntu_linux
debian_linux
|
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a …
|
-
|
CVE-2020-11058
|
2024-11-21 13:56 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210486
|
8.8 |
HIGH
Network
|
xwiki
|
xwiki
|
In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3…
|
CWE-94
Code Injection
|
CVE-2020-11057
|
2024-11-21 13:56 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210487
|
5.4 |
MEDIUM
Network
|
glpi-project
|
glpi
|
In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11062
|
2024-11-21 13:56 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210488
|
8.8 |
HIGH
Network
|
glpi-project
|
glpi
|
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a…
|
CWE-352
Origin Validation Error
|
CVE-2020-11060
|
2024-11-21 13:56 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210489
|
8.6 |
HIGH
Network
|
simpleledger
|
slp-validate
|
In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow…
|
CWE-697
Incorrect Comparison
|
CVE-2020-11072
|
2024-11-21 13:56 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210490
|
8.6 |
HIGH
Network
|
simpleledger
|
slpjs
|
SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet c…
|
CWE-697
Incorrect Comparison
|
CVE-2020-11071
|
2024-11-21 13:56 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
