|
200671
|
6.1 |
MEDIUM
Network
|
litespeedtech
|
litespeed_cache
|
A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29172
|
2024-11-21 14:23 |
2020-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200672
|
5.5 |
MEDIUM
Local
|
gnome
canonical
fedoraproject
|
gdk-pixbuf
ubuntu_linux
fedora
|
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign t…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-29385
|
2024-11-21 14:23 |
2020-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200673
|
4.8 |
MEDIUM
Network
|
wondercms
|
wondercms
|
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-29247
|
2024-11-21 14:23 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200674
|
7.0 |
HIGH
Local
|
mariadb
|
mariadb
|
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the n…
|
NVD-CWE-Other
|
CVE-2020-28912
|
2024-11-21 14:23 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200675
|
8.1 |
HIGH
Network
|
terra-master
|
tos
|
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS
|
NVD-CWE-noinfo
|
CVE-2020-29189
|
2024-11-21 14:23 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200676
|
7.1 |
HIGH
Local
|
malwarebytes
|
malwarebytes
endpoint_protection
|
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.
|
CWE-59
Link Following
|
CVE-2020-28641
|
2024-11-21 14:23 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200677
|
8.8 |
HIGH
Network
|
odoo
|
odoo
|
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leadi…
|
NVD-CWE-noinfo
|
CVE-2020-29396
|
2024-11-21 14:23 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200678
|
6.5 |
MEDIUM
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.…
|
CWE-611
XXE
|
CVE-2020-29436
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200679
|
8.8 |
HIGH
Network
|
epson
|
eps_tse_server_8_firmware
|
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by…
|
CWE-352
Origin Validation Error
|
CVE-2020-28931
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200680
|
5.4 |
MEDIUM
Network
|
epson
|
eps_tse_server_8_firmware
|
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaSc…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28930
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
