|
212061
|
7.4 |
HIGH
Network
|
em-imap_project
|
em-imap
|
em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is no…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-13163
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212062
|
9.8 |
CRITICAL
Network
|
netsweeper
|
netsweeper
|
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and …
|
CWE-78
OS Command
|
CVE-2020-13167
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212063
|
9.8 |
CRITICAL
Network
|
mylittletools
|
mylittleadmin
|
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-13166
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212064
|
7.5 |
HIGH
Network
|
nlnetlabs
debian
opensuse
canonical
fedoraproject
|
unbound
debian_linux
leap
ubuntu_linux
fedora
|
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-12663
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212065
|
7.5 |
HIGH
Network
|
nlnetlabs
debian
opensuse
canonical
fedoraproject
|
unbound
debian_linux
leap
ubuntu_linux
fedora
|
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-12662
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212066
|
7.5 |
HIGH
Network
|
nic
|
knot_resolver
|
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME i…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-12667
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212067
|
6.5 |
MEDIUM
Network
|
zohocorp
|
manageengine_servicedesk_plus
|
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
|
CWE-862
Missing Authorization
|
CVE-2020-13154
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212068
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13153
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212069
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr
|
Dolibarr before 11.0.4 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13094
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212070
|
7.8 |
HIGH
Local
|
msi
|
dragon_center
|
Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite syste…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13149
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
