|
197541
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
|
CWE-269
Improper Privilege Management
|
CVE-2020-5253
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197542
|
7.8 |
HIGH
Local
|
dell
|
digital_delivery
|
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5342
|
2024-11-21 14:33 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197543
|
8.8 |
HIGH
Network
|
bookstackapp
|
bookstack
|
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-5256
|
2024-11-21 14:33 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197544
|
9.8 |
CRITICAL
Network
|
dell
|
emc_isilon_onefs
|
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked a…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-5328
|
2024-11-21 14:33 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197545
|
9.8 |
CRITICAL
Network
|
dell
|
security_management_server
|
Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabl…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-5327
|
2024-11-21 14:33 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197546
|
6.3 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, …
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-5250
|
2024-11-21 14:33 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197547
|
5.3 |
MEDIUM
Network
|
parseplatform
|
parse-server
|
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.
|
CWE-863
Incorrect Authorization
|
CVE-2020-5251
|
2024-11-21 14:33 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197548
|
6.5 |
MEDIUM
Network
|
puma
|
puma
|
In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject m…
|
CWE-74
Injection
|
CVE-2020-5249
|
2024-11-21 14:33 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197549
|
7.5 |
HIGH
Network
|
ruby-lang
puma
debian
fedoraproject
|
ruby
puma
debian_linux
fedora
|
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to en…
|
-
|
CVE-2020-5247
|
2024-11-21 14:33 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197550
|
8.8 |
HIGH
Network
|
dropwizard
oracle
|
dropwizard_validation
blockchain_platform
|
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Lan…
|
CWE-74
Injection
|
CVE-2020-5245
|
2024-11-21 14:33 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
