|
197571
|
6.5 |
MEDIUM
Network
|
apereo
|
opencast
|
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role i…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5231
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197572
|
10.0 |
CRITICAL
Network
|
apereo
|
opencast
|
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect giv…
|
CWE-287
Improper Authentication
|
CVE-2020-5206
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197573
|
8.8 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-5222
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197574
|
7.5 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes use…
|
CWE-74
Injection
|
CVE-2020-5230
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197575
|
8.1 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causi…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-5229
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197576
|
7.5 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active u…
|
CWE-862
Missing Authorization
|
CVE-2020-5228
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197577
|
6.1 |
MEDIUM
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
|
CWE-601
Open Redirect
|
CVE-2020-5233
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197578
|
7.5 |
HIGH
Network
|
feedgen_project
|
feedgen
|
Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed …
|
CWE-776
XML Entity Expansion
|
CVE-2020-5227
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197579
|
7.5 |
HIGH
Network
|
google
|
tensorflow
|
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the gra…
|
CWE-20
Improper Input Validation
|
CVE-2020-5215
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197580
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escala…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5211
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
