|
209861
|
4.3 |
MEDIUM
Adjacent
|
sane-project
debian
canonical
opensuse
|
sane_backends
debian_linux
ubuntu_linux
leap
|
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the prog…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-12862
|
2024-11-21 14:00 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209862
|
8.8 |
HIGH
Adjacent
|
sane-project
canonical
opensuse
|
sane_backends
ubuntu_linux
leap
|
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12861
|
2024-11-21 14:00 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209863
|
6.5 |
MEDIUM
Network
|
nukeviet
|
nukeviet
|
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.
|
CWE-352
Origin Validation Error
|
CVE-2020-13157
|
2024-11-21 14:00 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209864
|
6.5 |
MEDIUM
Network
|
nukeviet
|
nukeviet
|
modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
|
CWE-352
Origin Validation Error
|
CVE-2020-13156
|
2024-11-21 14:00 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209865
|
8.8 |
HIGH
Network
|
nukeviet
|
nukeviet
|
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.
|
CWE-352
Origin Validation Error
|
CVE-2020-13155
|
2024-11-21 14:00 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209866
|
9.8 |
CRITICAL
Network
|
openfind
|
mailgates
mailaudit
|
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.
|
CWE-77
Command Injection
|
CVE-2020-12782
|
2024-11-21 14:00 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209867
|
9.8 |
CRITICAL
Network
|
articatech
|
artica_proxy
|
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.
|
CWE-78
OS Command
|
CVE-2020-13159
|
2024-11-21 14:00 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209868
|
7.5 |
HIGH
Network
|
articatech
|
artica_proxy
|
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
|
CWE-22
Path Traversal
|
CVE-2020-13158
|
2024-11-21 14:00 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209869
|
8.6 |
HIGH
Local
|
gitlab
|
gitlab-vscode-extension
|
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-13279
|
2024-11-21 14:00 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209870
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token
|
CWE-200
Information Exposure
|
CVE-2020-13264
|
2024-11-21 14:00 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
