| 198211 | 9.8 | CRITICAL | Network | kaspersky | tinycheck | In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker fo… | CWE-798 Use of Hard-coded Credentials | CVE-2020-35929 | 2024-11-21 14:28 | 2021-01-20 |
| 198212 | 7.5 | HIGH | Network | php fedoraproject debian drupal | archive_tar fedora debian_linux drupal | Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | CWE-22 Path Traversal; CWE-59 Link Following | CVE-2020-36193 | 2024-11-21 14:28 | 2021-01-19 |
| 198213 | 7.7 | HIGH | Network | presstigers | simple_board_job | Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files … | CWE-22 Path Traversal | CVE-2020-35749 | 2024-11-21 14:28 | 2021-01-16 |
| 198214 | 5.4 | MEDIUM | Network | foliovision | fv_flowplayer_video_player | Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web sc… | CWE-79 Cross-site Scripting | CVE-2020-35748 | 2024-11-21 14:28 | 2021-01-16 |
| 198215 | 5.3 | MEDIUM | Network | mantisbt | source_integration | An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private … | NVD-CWE-noinfo | CVE-2020-36192 | 2024-11-21 14:28 | 2021-01-19 |
| 198216 | 4.5 | MEDIUM | Network | jupyter | jupyterhub | JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account). | CWE-352 Origin Validation Error | CVE-2020-36191 | 2024-11-21 14:28 | 2021-01-13 |
| 198217 | 6.1 | MEDIUM | Network | rails_admin_project | rails_admin | RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms. | CWE-79 Cross-site Scripting | CVE-2020-36190 | 2024-11-21 14:28 | 2021-01-13 |
| 198218 | 7.5 | HIGH | Network | socket | socket.io-parser | socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used. | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2020-36049 | 2024-11-21 14:28 | 2021-01-08 |
| 198219 | 7.5 | HIGH | Network | socket | engine.io | Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport. | CWE-400 Uncontrolled Resource Consumption | CVE-2020-36048 | 2024-11-21 14:28 | 2021-01-08 |
| 198220 | 8.1 | HIGH | Network | fasterxml netapp debian oracle | jackson-databind cloud_backup service_level_manager debian_linux webcenter_portal primavera_unifier application_testing_suite agile_plm communications_policy_management com… | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | CWE-502 Deserialization of Untrusted Data | CVE-2020-36183 | 2024-11-21 14:28 | 2021-01-07 |