|
200011
|
8.8 |
HIGH
Local
|
xen
|
xen
|
An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one …
|
CWE-787
CWE-193
Out-of-bounds Write
Off-by-one Error
|
CVE-2020-29040
|
2024-11-21 14:23 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200012
|
6.1 |
MEDIUM
Network
|
seeddms
|
seeddms
|
Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.
|
CWE-601
Open Redirect
|
CVE-2020-28726
|
2024-11-21 14:23 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200013
|
9.8 |
CRITICAL
Network
|
misp
|
misp
|
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
|
CWE-862
Missing Authorization
|
CVE-2020-29006
|
2024-11-21 14:23 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200014
|
5.4 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29003
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200015
|
4.8 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29002
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200016
|
9.8 |
CRITICAL
Network
|
gitea
|
gitea
|
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_…
|
NVD-CWE-noinfo
|
CVE-2020-28991
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200017
|
9.8 |
CRITICAL
Network
|
spip
debian
|
spip
debian_linux
|
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
|
NVD-CWE-noinfo
|
CVE-2020-28984
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200018
|
6.1 |
MEDIUM
Network
|
magicpin
|
magicpin
|
There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28927
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200019
|
5.3 |
MEDIUM
Network
|
neomutt
mutt
debian
|
neomutt
mutt
debian_linux
|
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and t…
|
CWE-287
CWE-755
Improper Authentication
Improper Handling of Exceptional Conditions
|
CVE-2020-28896
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200020
|
9.8 |
CRITICAL
Network
|
winscp
|
winscp
|
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-28864
|
2024-11-21 14:23 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
