|
196821
|
8.8 |
HIGH
Network
|
leantime
|
leantime
|
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiali…
|
CWE-89
SQL Injection
|
CVE-2020-5292
|
2024-11-21 14:33 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196822
|
7.8 |
HIGH
Local
|
projectatomic
debian
archlinux
centos
|
bubblewrap
debian_linux
arch_linux
centos
|
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process kee…
|
CWE-269
Improper Privilege Management
|
CVE-2020-5291
|
2024-11-21 14:33 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196823
|
6.5 |
MEDIUM
Network
|
elide
|
elide
|
In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The ad…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-5289
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196824
|
4.3 |
MEDIUM
Network
|
zeit
|
next.js
|
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the…
|
CWE-22
Path Traversal
|
CVE-2020-5284
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196825
|
8.1 |
HIGH
Network
|
sensiolabs
|
symfony
|
In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides …
|
CWE-863
Incorrect Authorization
|
CVE-2020-5275
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196826
|
5.4 |
MEDIUM
Network
|
sensiolabs
|
symfony
|
In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-5274
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196827
|
4.3 |
MEDIUM
Network
|
sensiolabs
|
symfony
|
In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the r…
|
CWE-20
Improper Input Validation
|
CVE-2020-5255
|
2024-11-21 14:33 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196828
|
7.5 |
HIGH
Network
|
sonicwall
|
sma1000_firmware
|
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA100…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-5129
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196829
|
4.8 |
MEDIUM
Network
|
emc
|
rsa_authentication_manager
|
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5340
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196830
|
4.8 |
MEDIUM
Network
|
emc
|
rsa_authentication_manager
|
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5339
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
