|
210761
|
8.8 |
HIGH
Network
|
vtenext
|
vtenext
|
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
|
CWE-352
Origin Validation Error
|
CVE-2020-10229
|
2024-11-21 13:55 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210762
|
8.8 |
HIGH
Network
|
vtenext
|
vtenext
|
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10228
|
2024-11-21 13:55 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210763
|
6.1 |
MEDIUM
Network
|
vtenext
|
vtenext
|
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10227
|
2024-11-21 13:55 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210764
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.
|
CWE-416
Use After Free
|
CVE-2020-10720
|
2024-11-21 13:55 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210765
|
8.8 |
HIGH
Network
|
github
|
github
|
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers use…
|
NVD-CWE-noinfo
|
CVE-2020-10518
|
2024-11-21 13:55 |
2020-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210766
|
4.3 |
MEDIUM
Network
|
github
|
github
|
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given …
|
NVD-CWE-noinfo
|
CVE-2020-10517
|
2024-11-21 13:55 |
2020-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210767
|
6.8 |
MEDIUM
Physics
|
sintef
|
urx
|
Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the ov…
|
CWE-269
Improper Privilege Management
|
CVE-2020-10290
|
2024-11-21 13:55 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210768
|
9.8 |
CRITICAL
Network
|
dronecode
|
micro_air_vehicle_link
|
The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autop…
|
NVD-CWE-Other
|
CVE-2020-10283
|
2024-11-21 13:55 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210769
|
8.8 |
HIGH
Network
|
openrobotics
|
robot_operating_system
|
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10289
|
2024-11-21 13:55 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210770
|
9.9 |
CRITICAL
Network
|
redhat
|
openstack_platform
|
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be d…
|
NVD-CWE-noinfo
|
CVE-2020-10731
|
2024-11-21 13:55 |
2020-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
