| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Last updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 200641 | 7.5 | HIGH | Network | systransoft | pure_neural_server | API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount o… | NVD-CWE-noinfo | CVE-2020-29540 | 2024-11-21 14:24 | 2020-12-8 |
| 200642 | 5.4 | MEDIUM | Network | systransoft | pure_neural_server | A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site. | CWE-79 Cross-site Scripting | CVE-2020-29539 | 2024-11-21 14:24 | 2020-12-8 |
| 200643 | 9.8 | CRITICAL | Network | awstats debian fedoraproject | awstats debian_linux fedora | In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists becau… | CWE-22 Path Traversal | CVE-2020-29600 | 2024-11-21 14:24 | 2020-12-8 |
| 200644 | 7.8 | HIGH | Local | imagemagick debian | imagemagick debian_linux | ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not prope… | CWE-91 Blind XPath Injection | CVE-2020-29599 | 2024-11-21 14:24 | 2020-12-8 |
| 200645 | 9.8 | CRITICAL | Network | incomcms_project | incomcms | IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-29597 | 2024-11-21 14:24 | 2020-12-8 |
| 200646 | 9.8 | CRITICAL | Network | acdsee | photo_studio_2021 | PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa. | NVD-CWE-noinfo | CVE-2020-29595 | 2024-11-21 14:24 | 2020-12-8 |
| 200647 | 7.5 | HIGH | Network | gnu redhat netapp | glibc enterprise_linux cloud_backup solidfire_baseboard_management_controller | sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long … | CWE-787 Out-of-bounds Write | CVE-2020-29573 | 2024-11-21 14:24 | 2020-12-6 |
| 200648 | 6.1 | MEDIUM | Network | misp | misp | app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field. | CWE-79 Cross-site Scripting | CVE-2020-29572 | 2024-11-21 14:24 | 2020-12-6 |
| 200649 | 6.1 | MEDIUM | Network | openstack debian | horizon debian_linux | An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would all… | CWE-601 Open Redirect | CVE-2020-29565 | 2024-11-21 14:24 | 2020-12-4 |
| 200650 | 4.8 | MEDIUM | Network | gnu fedoraproject netapp | glibc fedora e-series_santricity_os_controller | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, … | CWE-617 Reachable Assertion | CVE-2020-29562 | 2024-11-21 14:24 | 2020-12-4 |