| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CWE name | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 210691 | 4.8 | MEDIUM | Network | nagios | nagios_xi | Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. | CWE-79 | Cross-site Scripting | CVE-2020-10819 | 2024-11-21 13:56 | 2020-03-23 |
| 210692 | 7.2 | HIGH | Network | articatech | artica_proxy | Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. | CWE-78 | OS Command | CVE-2020-10818 | 2024-11-21 13:56 | 2020-03-23 |
| 210693 | 5.5 | MEDIUM | Local | hdfgroup | hdf5 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service. | CWE-476 | NULL Pointer Dereference | CVE-2020-10812 | 2024-11-21 13:56 | 2020-03-23 |
| 210694 | 5.5 | MEDIUM | Local | hdfgroup | hdf5 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service. | CWE-125 | Out-of-bounds Read | CVE-2020-10811 | 2024-11-21 13:56 | 2020-03-23 |
| 210695 | 5.5 | MEDIUM | Local | hdfgroup | hdf5 | An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service. | CWE-476 | NULL Pointer Dereference | CVE-2020-10810 | 2024-11-21 13:56 | 2020-03-23 |
| 210696 | 5.5 | MEDIUM | Local | hdfgroup | hdf5 | An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 b… | CWE-787 | Out-of-bounds Write | CVE-2020-10809 | 2024-11-21 13:56 | 2020-03-23 |
| 210697 | 8.8 | HIGH | Network | vestacp | vesta_control_panel | Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demon… | CWE-78 | OS Command | CVE-2020-10808 | 2024-11-21 13:56 | 2020-03-23 |
| 210698 | 5.3 | MEDIUM | Network | mitre | caldera | auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header. | CWE-290 | Authentication Bypass by Spoofing | CVE-2020-10807 | 2024-11-21 13:56 | 2020-03-23 |
| 210699 | 9.8 | CRITICAL | Network | ez | ez_publish-kernel ez_publish-legacy | eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to ex… | CWE-434 | Unrestricted Upload of File with Dangerous Type | CVE-2020-10806 | 2024-11-21 13:56 | 2020-03-23 |
| 210700 | 5.4 | MEDIUM | Network | phpmyadmin debian fedoraproject opensuse suse | phpmyadmin debian_linux fedora leap backports_sle package_hub | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results… | CWE-79 CWE-89 | Cross-site Scripting SQL Injection | CVE-2020-10803 | 2024-11-21 13:56 | 2020-03-22 |