|
209971
|
6.1 |
MEDIUM
Network
|
roundcube debian opensuse
|
webmail debian_linux leap backports_sle
|
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12625
|
2024-11-21 13:59 |
2020-05-4 |
|
209972
|
6.5 |
MEDIUM
Network
|
theleague
|
the_league
|
The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, whic…
|
CWE-459
Incomplete Cleanup
|
CVE-2020-12624
|
2024-11-21 13:59 |
2020-05-3 |
|
209973
|
6.5 |
MEDIUM
Network
|
telegram
|
telegram telegram_desktop
|
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.
|
NVD-CWE-noinfo
|
CVE-2020-12474
|
2024-11-21 13:59 |
2020-05-1 |
|
209974
|
5.3 |
MEDIUM
Network
|
moxa
|
nport_5100a_firmware
|
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthentic…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12117
|
2024-11-21 13:59 |
2020-05-1 |
|
209975
|
7.0 |
HIGH
Local
|
fedoraproject opensuse sqliteodbc_project
|
fedora backports_sle sqliteodbc
|
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new co…
|
CWE-362
Race Condition
|
CVE-2020-12050
|
2024-11-21 13:59 |
2020-05-1 |
|
209976
|
4.3 |
MEDIUM
Network
|
xt-commerce
|
xt-commerce
|
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users' stored addresses by manipulating an id field in the POST request for altering an …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-12101
|
2024-11-21 13:59 |
2020-04-30 |
|
209977
|
6.1 |
MEDIUM
Network
|
sourcegraph
|
sourcegraph
|
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com su…
|
CWE-601
Open Redirect
|
CVE-2020-12283
|
2024-11-21 13:59 |
2020-04-30 |
|
209978
|
8.8 |
HIGH
Network
|
teampass
|
teampass
|
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
|
CWE-22
Path Traversal
|
CVE-2020-12479
|
2024-11-21 13:59 |
2020-04-30 |
|
209979
|
7.5 |
HIGH
Network
|
teampass
|
teampass
|
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12478
|
2024-11-21 13:59 |
2020-04-30 |
|
209980
|
7.5 |
HIGH
Network
|
teampass
|
teampass
|
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
|
CWE-863
Incorrect Authorization
|
CVE-2020-12477
|
2024-11-21 13:59 |
2020-04-30 |