|
213341
|
6.1 |
MEDIUM
Network
|
canon
|
oce_colorwave_500_firmware
|
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). N…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10667
|
2024-11-21 13:55 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213342
|
8.8 |
HIGH
Network
|
octopus
|
octopus_deploy
|
In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-10678
|
2024-11-21 13:55 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213343
|
7.5 |
HIGH
Network
|
jsonparser_project
fedoraproject
|
jsonparser
fedora
|
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-10675
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213344
|
7.8 |
HIGH
Local
|
denx
opensuse
|
u-boot
leap
|
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default con…
|
CWE-20
Improper Input Validation
|
CVE-2020-10648
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213345
|
9.8 |
CRITICAL
Network
|
perlspeak_project
|
perlspeak
|
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.
|
CWE-78
OS Command
|
CVE-2020-10674
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213346
|
6.5 |
MEDIUM
Network
|
logicaldoc
|
logicaldoc
|
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of t…
|
CWE-89
SQL Injection
|
CVE-2020-10365
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213347
|
8.8 |
HIGH
Network
|
fasterxml
debian
netapp
oracle
|
jackson-databind
debian_linux
steelstore_cloud_integrated_storage
retail_xstore_point_of_service
primavera_unifier
retail_service_backbone
weblogic_server
retail_merchandising_sy…
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
|
NVD-CWE-Other
|
CVE-2020-10673
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213348
|
8.8 |
HIGH
Network
|
fasterxml
debian
netapp
oracle
|
jackson-databind
debian_linux
steelstore_cloud_integrated_storage
retail_xstore_point_of_service
primavera_unifier
retail_service_backbone
weblogic_server
retail_merchandising_sy…
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka…
|
NVD-CWE-Other
|
CVE-2020-10672
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213349
|
6.7 |
MEDIUM
Local
|
docker
|
desktop
|
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwr…
|
CWE-59
Link Following
|
CVE-2020-10665
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213350
|
4.3 |
MEDIUM
Network
|
entrustdatacard
|
entelligence_security_provider
|
Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-10659
|
2024-11-21 13:55 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
