|
197811
|
6.1 |
MEDIUM
Network
|
adminserv_project
|
adminserv
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36637
|
2024-11-21 14:29 |
2022-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197812
|
5.3 |
MEDIUM
Network
|
robotsandpencils
|
go-saml
|
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-36563
|
2024-11-21 14:29 |
2022-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197813
|
7.5 |
HIGH
Network
|
dht_project
|
dht
|
Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector.
|
CWE-617
Reachable Assertion
|
CVE-2020-36562
|
2024-11-21 14:29 |
2022-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197814
|
6.1 |
MEDIUM
Network
|
openmrs
|
admin_ui_module
|
A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/pa…
|
-
|
CVE-2020-36636
|
2024-11-21 14:29 |
2022-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197815
|
9.1 |
CRITICAL
Network
|
digitalocean
|
golang-nanoauth
|
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empt…
|
CWE-287
Improper Authentication
|
CVE-2020-36569
|
2024-11-21 14:29 |
2022-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197816
|
7.5 |
HIGH
Network
|
revel
|
revel
|
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-36568
|
2024-11-21 14:29 |
2022-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197817
|
9.1 |
CRITICAL
Network
|
tar-utils_project
|
tar-utils
|
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
|
CWE-22
Path Traversal
|
CVE-2020-36566
|
2024-11-21 14:29 |
2022-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197818
|
7.5 |
HIGH
Network
|
nosurf_project
|
nosurf
|
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.
|
CWE-20
Improper Input Validation
|
CVE-2020-36564
|
2024-11-21 14:29 |
2022-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197819
|
9.1 |
CRITICAL
Network
|
go-unzip_project
|
go-unzip
|
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
|
CWE-22
Path Traversal
|
CVE-2020-36560
|
2024-11-21 14:29 |
2022-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197820
|
7.5 |
HIGH
Network
|
aahframework
|
aah
|
Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
|
CWE-22
Path Traversal
|
CVE-2020-36559
|
2024-11-21 14:29 |
2022-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
