|
201031
|
8.8 |
HIGH
Network
|
odoo
|
odoo
|
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leadi…
|
NVD-CWE-noinfo
|
CVE-2020-29396
|
2024-11-21 14:23 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201032
|
6.5 |
MEDIUM
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.…
|
CWE-611
XXE
|
CVE-2020-29436
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201033
|
8.8 |
HIGH
Network
|
epson
|
eps_tse_server_8_firmware
|
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by…
|
CWE-352
Origin Validation Error
|
CVE-2020-28931
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201034
|
5.4 |
MEDIUM
Network
|
epson
|
eps_tse_server_8_firmware
|
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaSc…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28930
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201035
|
9.8 |
CRITICAL
Network
|
epson
|
eps_tse_server_8_firmware
|
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenan…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-28929
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201036
|
7.5 |
HIGH
Network
|
p11-kit_project
debian
oracle
|
p11-kit
debian_linux
communications_cloud_native_core_policy
|
An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29363
|
2024-11-21 14:23 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201037
|
5.3 |
MEDIUM
Network
|
p11-kit_project
|
p11-kit
|
An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-29362
|
2024-11-21 14:23 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201038
|
7.5 |
HIGH
Network
|
p11-kit_project
debian
|
p11-kit
debian_linux
|
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-29361
|
2024-11-21 14:23 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201039
|
6.1 |
MEDIUM
Network
|
directoriespro
|
directories_pro
|
A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a s…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29304
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201040
|
6.1 |
MEDIUM
Network
|
directoriespro
|
directories_pro
|
A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29303
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
