|
209721
|
3.5 |
LOW
Network
|
projectcalico
|
calico
|
Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with suffic…
|
CWE-200
Information Exposure
|
CVE-2020-13597
|
2024-11-21 14:01 |
2020-06-4 |
|
209722
|
9.8 |
CRITICAL
Network
|
sabberworm
|
php_css_parser
|
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input fr…
|
CWE-94
Code Injection
|
CVE-2020-13756
|
2024-11-21 14:01 |
2020-06-3 |
|
209723
|
6.1 |
MEDIUM
Network
|
djangoproject fedoraproject canonical netapp debian oracle
|
django fedora ubuntu_linux steelstore_cloud_integrated_storage sra_plugin debian_linux zfs_storage_appliance_kit
|
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility …
|
CWE-79
Cross-site Scripting
|
CVE-2020-13596
|
2024-11-21 14:01 |
2020-06-3 |
|
209724
|
6.7 |
MEDIUM
Local
|
systemd_project netapp fedoraproject
|
systemd solidfire_\&_hci_management_node active_iq_unified_manager fedora
|
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user acc…
|
CWE-269
Improper Privilege Management
|
CVE-2020-13776
|
2024-11-21 14:01 |
2020-06-3 |
|
209725
|
6.5 |
MEDIUM
Network
|
znc fedoraproject
|
znc fedora
|
ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-13775
|
2024-11-21 14:01 |
2020-06-3 |
|
209726
|
7.5 |
HIGH
Network
|
rocketgenius
|
gravityforms
|
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.
|
CWE-200
Information Exposure
|
CVE-2020-13764
|
2024-11-21 14:01 |
2020-06-3 |
|
209727
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-13763
|
2024-11-21 14:01 |
2020-06-3 |
|
209728
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13762
|
2024-11-21 14:01 |
2020-06-3 |
|
209729
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13761
|
2024-11-21 14:01 |
2020-06-3 |
|
209730
|
8.8 |
HIGH
Network
|
joomla
|
joomla\!
|
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2020-13760
|
2024-11-21 14:01 |
2020-06-3 |