|
200721
|
7.8 |
HIGH
Local
|
nethack
|
nethack
|
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects s…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5210
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200722
|
7.8 |
HIGH
Local
|
nethack
|
nethack
|
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems th…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5209
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200723
|
7.5 |
HIGH
Network
|
jetbrains
|
ktor
|
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-5207
|
2024-11-21 14:33 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200724
|
5.3 |
MEDIUM
Network
|
sylius
|
syliusresourcebundle
|
Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make…
|
CWE-200
Information Exposure
|
CVE-2020-5220
|
2024-11-21 14:33 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200725
|
4.3 |
MEDIUM
Network
|
sylius
|
sylius
|
Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-5218
|
2024-11-21 14:33 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200726
|
5.4 |
MEDIUM
Network
|
simplesamlphp
|
simplesamlphp
|
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5226
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200727
|
5.4 |
MEDIUM
Network
|
simplesamlphp
|
simplesamlphp
|
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the r…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-5225
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200728
|
8.8 |
HIGH
Network
|
django-user-sessions_project
|
django-user-sessions
|
In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rend…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-5224
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200729
|
8.8 |
HIGH
Network
|
peerigon
|
angular-expressions
|
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. I…
|
CWE-74
Injection
|
CVE-2020-5219
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200730
|
5.8 |
MEDIUM
Network
|
twitter
|
secure_headers
|
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_s…
|
CWE-74
Injection
|
CVE-2020-5217
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
