|
215101
|
9.8 |
CRITICAL
Network
|
smartbear
|
readyapi
|
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into th…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-12835
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215102
|
9.8 |
CRITICAL
Network
|
wso2
|
api_manager
|
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-13226
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215103
|
4.8 |
MEDIUM
Network
|
phpipam
|
phpipam
|
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13225
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215104
|
7.5 |
HIGH
Network
|
wireshark
debian
opensuse
fedoraproject
|
wireshark
debian_linux
leap
fedora
|
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a c…
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-13164
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215105
|
7.4 |
HIGH
Network
|
em-imap_project
|
em-imap
|
em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is no…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-13163
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215106
|
9.8 |
CRITICAL
Network
|
netsweeper
|
netsweeper
|
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and …
|
CWE-78
OS Command
|
CVE-2020-13167
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215107
|
9.8 |
CRITICAL
Network
|
mylittletools
|
mylittleadmin
|
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-13166
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215108
|
7.5 |
HIGH
Network
|
nlnetlabs
debian
opensuse
canonical
fedoraproject
|
unbound
debian_linux
leap
ubuntu_linux
fedora
|
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-12663
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215109
|
7.5 |
HIGH
Network
|
nlnetlabs
debian
opensuse
canonical
fedoraproject
|
unbound
debian_linux
leap
ubuntu_linux
fedora
|
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-12662
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215110
|
7.5 |
HIGH
Network
|
nic
|
knot_resolver
|
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME i…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-12667
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
