|
196831
|
9.8 |
CRITICAL
Network
|
nick_chan_bot_project
|
nick_chan_bot
|
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot Thi…
|
CWE-78
OS Command
|
CVE-2020-5282
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196832
|
5.4 |
MEDIUM
Network
|
prestashop
|
faceted_search_module
|
PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. The problem is fixed in 3.5.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5277
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196833
|
7.5 |
HIGH
Network
|
cesnet
|
perun
|
In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-5281
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196834
|
7.5 |
HIGH
Network
|
typelevel
|
http4s
|
http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server…
|
CWE-22
Path Traversal
|
CVE-2020-5280
|
2024-11-21 14:33 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196835
|
6.8 |
MEDIUM
Network
|
sustainsys
|
saml2
|
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detectio…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-5261
|
2024-11-21 14:33 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196836
|
4.1 |
MEDIUM
Local
|
pyup
|
safety
|
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection rout…
|
NVD-CWE-noinfo
|
CVE-2020-5252
|
2024-11-21 14:33 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196837
|
4.8 |
MEDIUM
Network
|
rubyonrails
debian
fedoraproject
opensuse
|
actionview
debian_linux
fedora
leap
|
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may b…
|
-
|
CVE-2020-5267
|
2024-11-21 14:33 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196838
|
5.5 |
MEDIUM
Local
|
easybuild_project
|
easybuild
|
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuil…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-5262
|
2024-11-21 14:33 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196839
|
8.5 |
HIGH
Network
|
labdigital
|
wagtail-2fa
|
In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The user does not require special permissions in order to do so.…
|
CWE-863
Incorrect Authorization
|
CVE-2020-5240
|
2024-11-21 14:33 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196840
|
8.1 |
HIGH
Network
|
thoughtbot
|
administrate
|
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present …
|
CWE-89
SQL Injection
|
CVE-2020-5257
|
2024-11-21 14:33 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
