| 208561 | 8.8 | HIGH Network | openmaint | openmaint | openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-24549 | 2024-11-21 14:14 | 2021-01-27 |
| 208562 | 6.1 | MEDIUM Network | misp | misp | A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, … | CWE-79 Cross-site Scripting | CVE-2020-24085 | 2024-11-21 14:14 | 2021-01-27 |
| 208563 | 8.8 | HIGH Network | assaabloy | yale_wipc-303w_firmware | The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176 | CWE-78 OS Command | CVE-2020-23826 | 2024-11-21 14:14 | 2021-01-27 |
| 208564 | 9.8 | CRITICAL Network | live555 | liblivemedia | In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time. | CWE-787 Out-of-bounds Write | CVE-2020-24027 | 2024-11-21 14:14 | 2021-01-12 |
| 208565 | 5.3 | MEDIUM Network | sass-lang | node-sass | Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. | CWE-295 Improper Certificate Validation | CVE-2020-24025 | 2024-11-21 14:14 | 2021-01-12 |
| 208566 | 3.3 | LOW Local | microsoft | skype | Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access … | NVD-CWE-noinfo | CVE-2020-24003 | 2024-11-21 14:14 | 2021-01-12 |
| 208567 | 8.8 | HIGH Network | fork-cms | fork_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass o… | CWE-352 Origin Validation Error | CVE-2020-23960 | 2024-11-21 14:14 | 2021-01-12 |
| 208568 | 6.1 | MEDIUM Network | jsoneditoronline | jsoneditor | Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript. | CWE-79 Cross-site Scripting | CVE-2020-23849 | 2024-11-21 14:14 | 2021-01-11 |
| 208569 | 6.8 | MEDIUM Network | dovecot debian fedoraproject | dovecot debian_linux fedora | An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email m… | NVD-CWE-Other | CVE-2020-24386 | 2024-11-21 14:14 | 2021-01-5 |
| 208570 | 7.4 | HIGH Adjacent | arista | eos | An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista … | CWE-404 Improper Resource Shutdown or Release | CVE-2020-24360 | 2024-11-21 14:14 | 2020-12-29 |