|
212331
|
9.8 |
CRITICAL
Network
|
wso2
|
api_manager
|
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-13226
|
2024-11-21 14:00 |
2020-05-20 |
|
212332
|
4.8 |
MEDIUM
Network
|
phpipam
|
phpipam
|
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13225
|
2024-11-21 14:00 |
2020-05-20 |
|
212333
|
7.5 |
HIGH
Network
|
wireshark debian opensuse fedoraproject
|
wireshark debian_linux leap fedora
|
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a c…
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-13164
|
2024-11-21 14:00 |
2020-05-20 |
|
212334
|
7.4 |
HIGH
Network
|
em-imap_project
|
em-imap
|
em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is no…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-13163
|
2024-11-21 14:00 |
2020-05-20 |
|
212335
|
9.8 |
CRITICAL
Network
|
netsweeper
|
netsweeper
|
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and …
|
CWE-78
OS Command
|
CVE-2020-13167
|
2024-11-21 14:00 |
2020-05-20 |
|
212336
|
9.8 |
CRITICAL
Network
|
mylittletools
|
mylittleadmin
|
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-13166
|
2024-11-21 14:00 |
2020-05-20 |
|
212337
|
7.5 |
HIGH
Network
|
nlnetlabs debian opensuse canonical fedoraproject
|
unbound debian_linux leap ubuntu_linux fedora
|
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-12663
|
2024-11-21 14:00 |
2020-05-19 |
|
212338
|
7.5 |
HIGH
Network
|
nlnetlabs debian opensuse canonical fedoraproject
|
unbound debian_linux leap ubuntu_linux fedora
|
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-12662
|
2024-11-21 14:00 |
2020-05-19 |
|
212339
|
7.5 |
HIGH
Network
|
nic
|
knot_resolver
|
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME i…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-12667
|
2024-11-21 14:00 |
2020-05-19 |
|
212340
|
6.5 |
MEDIUM
Network
|
zohocorp
|
manageengine_servicedesk_plus
|
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
|
CWE-862
Missing Authorization
|
CVE-2020-13154
|
2024-11-21 14:00 |
2020-05-19 |