|
215751
|
5.4 |
MEDIUM
Network
|
enhancesoft
|
osticket
|
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12629
|
2024-11-21 13:59 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215752
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to …
|
CWE-362
Race Condition
|
CVE-2020-12114
|
2024-11-21 13:59 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215753
|
9.8 |
CRITICAL
Network
|
janeczku
|
calibre-web
|
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-12627
|
2024-11-21 13:59 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215754
|
6.5 |
MEDIUM
Network
|
roundcube
debian
|
webmail
debian_linux
|
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
|
CWE-352
Origin Validation Error
|
CVE-2020-12626
|
2024-11-21 13:59 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215755
|
6.1 |
MEDIUM
Network
|
roundcube
debian
opensuse
|
webmail
debian_linux
leap
backports_sle
|
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12625
|
2024-11-21 13:59 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215756
|
6.5 |
MEDIUM
Network
|
theleague
|
the_league
|
The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, whic…
|
CWE-459
Incomplete Cleanup
|
CVE-2020-12624
|
2024-11-21 13:59 |
2020-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215757
|
6.5 |
MEDIUM
Network
|
telegram
|
telegram
telegram_desktop
|
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.
|
NVD-CWE-noinfo
|
CVE-2020-12474
|
2024-11-21 13:59 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215758
|
5.3 |
MEDIUM
Network
|
moxa
|
nport_5100a_firmware
|
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthentic…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12117
|
2024-11-21 13:59 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215759
|
7.0 |
HIGH
Local
|
fedoraproject
opensuse
sqliteodbc_project
|
fedora
backports_sle
sqliteodbc
|
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new co…
|
CWE-362
Race Condition
|
CVE-2020-12050
|
2024-11-21 13:59 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215760
|
4.3 |
MEDIUM
Network
|
xt-commerce
|
xt-commerce
|
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-12101
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
