|
195911
|
5.4 |
MEDIUM
Network
|
rocket.chat
|
rocket.chat
|
The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8288
|
2024-11-21 14:38 |
2021-01-27 |
|
195912
|
6.5 |
MEDIUM
Network
|
nodejs debian fedoraproject oracle siemens
|
node.js debian_linux fedora graalvm sinec_infrastructure_network_services
|
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies th…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-8287
|
2024-11-21 14:38 |
2021-01-7 |
|
195913
|
5.4 |
MEDIUM
Network
|
nextcloud
|
contacts
|
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8281
|
2024-11-21 14:38 |
2021-01-7 |
|
195914
|
5.4 |
MEDIUM
Network
|
nextcloud
|
contacts
|
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8280
|
2024-11-21 14:38 |
2021-01-7 |
|
195915
|
4.3 |
MEDIUM
Network
|
citrix
|
secure_mail
|
Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicio…
|
CWE-269
Improper Privilege Management
|
CVE-2020-8275
|
2024-11-21 14:38 |
2021-01-7 |
|
195916
|
6.5 |
MEDIUM
Network
|
citrix
|
secure_mail
|
Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note th…
|
CWE-94
Code Injection
|
CVE-2020-8274
|
2024-11-21 14:38 |
2021-01-7 |
|
195917
|
6.1 |
MEDIUM
Network
|
rubyonrails
|
rails
|
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL whic…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8264
|
2024-11-21 14:38 |
2021-01-7 |
|
195918
|
8.1 |
HIGH
Network
|
nodejs debian fedoraproject oracle siemens
|
node.js debian_linux fedora graalvm sinec_infrastructure_network_services
|
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::T…
|
CWE-416
Use After Free
|
CVE-2020-8265
|
2024-11-21 14:38 |
2021-01-7 |
|
195919
|
6.1 |
MEDIUM
Network
|
mendix
|
mendixsso
|
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supp…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8160
|
2024-11-21 14:38 |
2021-01-7 |
|
195920
|
7.8 |
HIGH
Local
|
backblaze
|
backblaze
|
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of cl…
|
CWE-269
Improper Privilege Management
|
CVE-2020-8290
|
2024-11-21 14:38 |
2020-12-27 |
|