| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 211141 | 7.5 | HIGH | Network | contiki-os | contiki | An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c. | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2020-13984 | 2024-11-21 14:02 | 2020-12-12 |
| 211142 | 5.3 | MEDIUM | Network | divebook_project | divebook | The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter. | CWE-89 SQL Injection | CVE-2020-14207 | 2024-11-21 14:02 | 2020-12-9 |
| 211143 | 6.1 | MEDIUM | Network | divebook_project | divebook | The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter). | CWE-79 Cross-site Scripting | CVE-2020-14206 | 2024-11-21 14:02 | 2020-12-9 |
| 211144 | 5.3 | MEDIUM | Network | divebook_project | divebook | The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate th… | CWE-862 Missing Authorization | CVE-2020-14205 | 2024-11-21 14:02 | 2020-12-9 |
| 211145 | 6.5 | MEDIUM | Network | apache | apisix | In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects version… | NVD-CWE-Other | CVE-2020-13945 | 2024-11-21 14:02 | 2020-12-8 |
| 211146 | 4.3 | MEDIUM | Network | samba redhat | samba enterprise_linux storage | A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be u… | - | CVE-2020-14318 | 2024-11-21 14:02 | 2020-12-4 |
| 211147 | 5.3 | MEDIUM | Network | apache quarkus oracle netapp | httpclient quarkus primavera_unifier peoplesoft_enterprise_peopletools data_integrator peoplesoft_enterprise_pt_peopletools nosql_database retail_customer_management_and_segmenta… | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host… | NVD-CWE-noinfo | CVE-2020-13956 | 2024-11-21 14:02 | 2020-12-3 |
| 211148 | 9.8 | CRITICAL | Network | hcltech | domino | HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-control… | CWE-120 Classic Buffer Overflow | CVE-2020-14260 | 2024-11-21 14:02 | 2020-12-2 |
| 211149 | 8.1 | HIGH | Network | linux netapp | linux_kernel cloud_backup a250_firmware fas_500f_firmware aff_500f_firmware solidfire_baseboard_management_controller_firmware | An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated… | - | CVE-2020-14305 | 2024-11-21 14:02 | 2020-12-2 |
| 211150 | 5.4 | MEDIUM | Network | atlassian | automation_for_jira | Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directorie… | CWE-74 Injection | CVE-2020-14193 | 2024-11-21 14:02 | 2020-12-1 |