|
208611
|
6.1 |
MEDIUM
Network
|
mediawiki
fedoraproject
|
mediawiki
fedora
|
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents …
|
CWE-79
Cross-site Scripting
|
CVE-2020-25828
|
2024-11-21 14:18 |
2020-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208612
|
6.1 |
MEDIUM
Network
|
mediawiki
fedoraproject
|
mediawiki
fedora
|
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The rele…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25815
|
2024-11-21 14:18 |
2020-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208613
|
6.1 |
MEDIUM
Network
|
mediawiki
fedoraproject
|
mediawiki
fedora
|
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object wi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25814
|
2024-11-21 14:18 |
2020-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208614
|
5.3 |
MEDIUM
Network
|
mediawiki
fedoraproject
|
mediawiki
fedora
|
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
|
NVD-CWE-noinfo
|
CVE-2020-25813
|
2024-11-21 14:18 |
2020-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208615
|
6.1 |
MEDIUM
Network
|
mediawiki
fedoraproject
|
mediawiki
fedora
|
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25812
|
2024-11-21 14:18 |
2020-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208616
|
5.3 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-25625
|
2024-11-21 14:18 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208617
|
9.8 |
CRITICAL
Network
|
rubetek
|
rv-3406_firmware
rv-3409_firmware
rv-3411_firmware
|
The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged acc…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25749
|
2024-11-21 14:18 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208618
|
8.1 |
HIGH
Network
|
rubetek
|
rv-3406_firmware
rv-3409_firmware
rv-3411_firmware
|
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the c…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-25748
|
2024-11-21 14:18 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208619
|
9.4 |
CRITICAL
Network
|
rubetek
|
rv-3406_firmware
rv-3409_firmware
rv-3411_firmware
|
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25747
|
2024-11-21 14:18 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208620
|
4.7 |
MEDIUM
Local
|
xen
fedoraproject
debian
opensuse
|
xen
fedora
debian_linux
leap
|
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used…
|
CWE-362
Race Condition
|
CVE-2020-25604
|
2024-11-21 14:18 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
