|
209531
|
6.5 |
MEDIUM
Network
|
gogs
|
gogs
|
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-14958
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209532
|
5.9 |
MEDIUM
Network
|
mutt
debian
neomutt
fedoraproject
canonical
opensuse
|
mutt
debian_linux
neomutt
fedora
ubuntu_linux
leap
|
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g.,…
|
CWE-74
Injection
|
CVE-2020-14954
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209533
|
8.8 |
HIGH
Network
|
aapanel
|
aapanel
|
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setti…
|
CWE-78
OS Command
|
CVE-2020-14950
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209534
|
9.8 |
CRITICAL
Network
|
tendenci
|
tendenci
|
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14942
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209535
|
8.8 |
HIGH
Network
|
squirrelmail
|
squirrelmail
|
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14933
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209536
|
9.8 |
CRITICAL
Network
|
squirrelmail
|
squirrelmail
|
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14932
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209537
|
9.8 |
CRITICAL
Network
|
dmitry_project
|
dmitry
|
A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14931
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209538
|
8.1 |
HIGH
Network
|
bt_ctroms_terminal_project
|
bt_ctroms_terminal
|
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp req…
|
CWE-319
CWE-522
Cleartext Transmission of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2020-14930
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209539
|
7.5 |
HIGH
Network
|
alpine_project
fedoraproject
debian
|
alpine
fedora
debian_linux
|
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the…
|
NVD-CWE-Other
|
CVE-2020-14929
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209540
|
4.8 |
MEDIUM
Network
|
naviwebs
|
navigate_cms
|
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14927
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
