|
197411
|
6.5 |
MEDIUM
Network
|
nextcloud
fedoraproject
|
nextcloud_server
fedora
|
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.
|
CWE-862
Missing Authorization
|
CVE-2020-8139
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197412
|
6.5 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar U…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8138
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197413
|
9.8 |
CRITICAL
Network
|
blamer_project
|
blamer
|
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.
|
CWE-94
Code Injection
|
CVE-2020-8137
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197414
|
7.5 |
HIGH
Network
|
fastify
|
fastify-multipart
|
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8136
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197415
|
9.8 |
CRITICAL
Network
|
uppy
|
uppy
|
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal system…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8135
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197416
|
8.1 |
HIGH
Network
|
ghost
|
ghost
|
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8134
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197417
|
9.8 |
CRITICAL
Network
|
liferay
|
liferay_portal
|
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-7961
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197418
|
7.5 |
HIGH
Network
|
trendmicro
|
officescan
apex_one
worry-free_business_security
|
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the serve…
|
NVD-CWE-noinfo
|
CVE-2020-8470
|
2024-11-21 14:38 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197419
|
8.8 |
HIGH
Network
|
trendmicro
|
officescan
apex_one
worry-free_business_security
|
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipula…
|
CWE-74
Injection
|
CVE-2020-8468
|
2024-11-21 14:38 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197420
|
8.8 |
HIGH
Network
|
trendmicro
|
officescan
apex_one
|
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An a…
|
NVD-CWE-noinfo
|
CVE-2020-8467
|
2024-11-21 14:38 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
