|
200461
|
7.8 |
HIGH
Local
|
php
debian
fedoraproject
drupal
|
archive_tar
debian_linux
fedora
drupal
|
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-28948
|
2024-11-21 14:23 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200462
|
5.5 |
MEDIUM
Local
|
linux
fedoraproject
debian
|
linux_kernel
fedora
debian_linux
|
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack…
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2020-28941
|
2024-11-21 14:23 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200463
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28947
|
2024-11-21 14:23 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200464
|
4.3 |
MEDIUM
Network
|
primekey
|
ejbca
|
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the r…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-28942
|
2024-11-21 14:23 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200465
|
6.1 |
MEDIUM
Network
|
palletsprojects
|
werkzeug
|
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
|
CWE-601
Open Redirect
|
CVE-2020-28724
|
2024-11-21 14:23 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200466
|
6.5 |
MEDIUM
Network
|
view_frontend_statistics_project
|
view_frontend_statistics
|
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-28917
|
2024-11-21 14:23 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200467
|
5.8 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-28915
|
2024-11-21 14:23 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200468
|
7.1 |
HIGH
Local
|
katacontainers
|
kata-containers
|
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the f…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-28914
|
2024-11-21 14:23 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200469
|
8.8 |
HIGH
Network
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql_project
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql
|
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28688
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200470
|
8.8 |
HIGH
Network
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql_project
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql
|
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28687
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
