|
210571
|
7.8 |
HIGH
Local
|
foxitsoftware
|
phantompdf reader
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-843
Type Confusion
|
CVE-2020-10889
|
2024-11-21 13:56 |
2020-04-23 |
|
210572
|
7.5 |
HIGH
Network
|
git-scm debian canonical fedoraproject
|
git debian_linux ubuntu_linux fedora
|
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-11008
|
2024-11-21 13:56 |
2020-04-22 |
|
210573
|
8.8 |
HIGH
Network
|
vestacp
|
vesta_control_panel
|
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).
|
NVD-CWE-noinfo
|
CVE-2020-10787
|
2024-11-21 13:56 |
2020-04-22 |
|
210574
|
8.8 |
HIGH
Network
|
vestacp
|
vesta_control_panel
|
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.
|
CWE-863
Incorrect Authorization
|
CVE-2020-10786
|
2024-11-21 13:56 |
2020-04-22 |
|
210575
|
8.8 |
HIGH
Network
|
tortoise_orm_project
|
tortoise_orm
|
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only…
|
CWE-89
SQL Injection
|
CVE-2020-11010
|
2024-11-21 13:56 |
2020-04-21 |
|
210576
|
5.4 |
MEDIUM
Network
|
zulip
|
zulip_server
|
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10935
|
2024-11-21 13:56 |
2020-04-21 |
|
210577
|
8.8 |
HIGH
Network
|
sophos
|
anti-virus_for_sophos_central anti-virus_for_sophos_home
|
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.
|
CWE-59
Link Following
|
CVE-2020-10947
|
2024-11-21 13:56 |
2020-04-17 |
|
210578
|
7.5 |
HIGH
Network
|
ftpdmin_project
|
ftpdmin
|
A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-10813
|
2024-11-21 13:56 |
2020-04-17 |
|
210579
|
6.5 |
MEDIUM
Network
|
shopizer
|
shopizer
|
In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability make…
|
CWE-20
Improper Input Validation
|
CVE-2020-11007
|
2024-11-21 13:56 |
2020-04-17 |
|
210580
|
4.7 |
MEDIUM
Network
|
westerndigital
|
ibi my_cloud_home
|
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-10951
|
2024-11-21 13:56 |
2020-04-16 |