|
196811
|
4.9 |
MEDIUM
Network
|
auth0
|
auth0.js
|
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains t…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-5263
|
2024-11-21 14:33 |
2020-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196812
|
7.5 |
HIGH
Network
|
git
git-scm
debian
canonical
fedoraproject
opensuse
|
git
debian_linux
ubuntu_linux
fedora
leap
|
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-5260
|
2024-11-21 14:33 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196813
|
3.7 |
LOW
Network
|
tendermint
|
tendermint
|
Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates X…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-5303
|
2024-11-21 14:33 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196814
|
6.5 |
MEDIUM
Network
|
mh-wikibot_project
|
mh-wikibot
|
MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a…
|
CWE-269
Improper Privilege Management
|
CVE-2020-5302
|
2024-11-21 14:33 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196815
|
5.3 |
MEDIUM
Network
|
ory
|
hydra
|
In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specifica…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-5300
|
2024-11-21 14:33 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196816
|
7.8 |
HIGH
Local
|
dell
|
latitude_7202_firmware
|
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability…
|
CWE-416
Use After Free
|
CVE-2020-5348
|
2024-11-21 14:33 |
2020-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196817
|
7.5 |
HIGH
Network
|
dell
|
emc_isilon_onefs
|
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing oth…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-5347
|
2024-11-21 14:33 |
2020-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196818
|
3.5 |
LOW
Network
|
viewvc
|
viewvc
|
ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5283
|
2024-11-21 14:33 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196819
|
6.5 |
MEDIUM
Network
|
ctfd
|
rctf
|
In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. An attacker team could poten…
|
CWE-384
Session Fixation
|
CVE-2020-5290
|
2024-11-21 14:33 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196820
|
9.8 |
CRITICAL
Network
|
dell
|
idrac7_firmware
idrac8_firmware
idrac9_firmware
|
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulner…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-5344
|
2024-11-21 14:33 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
