|
210241
|
9.8 |
CRITICAL
Network
|
perlspeak_project
|
perlspeak
|
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.
|
CWE-78
OS Command
|
CVE-2020-10674
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210242
|
6.5 |
MEDIUM
Network
|
logicaldoc
|
logicaldoc
|
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of t…
|
CWE-89
SQL Injection
|
CVE-2020-10365
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210243
|
8.8 |
HIGH
Network
|
fasterxml
debian
netapp
oracle
|
jackson-databind
debian_linux
steelstore_cloud_integrated_storage
retail_xstore_point_of_service
primavera_unifier
retail_service_backbone
weblogic_server
retail_merchandising_sy…
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
|
NVD-CWE-Other
|
CVE-2020-10673
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210244
|
8.8 |
HIGH
Network
|
fasterxml
debian
netapp
oracle
|
jackson-databind
debian_linux
steelstore_cloud_integrated_storage
retail_xstore_point_of_service
primavera_unifier
retail_service_backbone
weblogic_server
retail_merchandising_sy…
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka…
|
NVD-CWE-Other
|
CVE-2020-10672
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210245
|
6.7 |
MEDIUM
Local
|
docker
|
desktop
|
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwr…
|
CWE-59
Link Following
|
CVE-2020-10665
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210246
|
4.3 |
MEDIUM
Network
|
entrustdatacard
|
entelligence_security_provider
|
Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-10659
|
2024-11-21 13:55 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210247
|
5.4 |
MEDIUM
Network
|
opencart
|
opencart
|
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10596
|
2024-11-21 13:55 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210248
|
9.8 |
CRITICAL
Network
|
r-consortium
|
rmysql
|
RMySQL through 0.10.19 allows SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2020-10380
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210249
|
9.8 |
CRITICAL
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
|
CWE-89
SQL Injection
|
CVE-2020-10243
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210250
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10242
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
