|
198161
|
8.8 |
HIGH
Network
|
phpipam
|
phpipam
|
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and function…
|
CWE-352
Origin Validation Error
|
CVE-2020-7988
|
2024-11-21 14:38 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198162
|
7.5 |
HIGH
Network
|
bittorrent
|
utorrent
|
The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-8437
|
2024-11-21 14:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198163
|
2.5 |
LOW
Local
|
suse
opensuse
|
linux_enterprise_server
leap
|
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for spe…
|
-
|
CVE-2020-8013
|
2024-11-21 14:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198164
|
7.2 |
HIGH
Network
|
artica
|
pandora_fms
|
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-8500
|
2024-11-21 14:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198165
|
9.8 |
CRITICAL
Network
|
pdf-image_project
|
pdf-image
|
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
|
CWE-20
Improper Input Validation
|
CVE-2020-8132
|
2024-11-21 14:38 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198166
|
6.1 |
MEDIUM
Network
|
revealjs
|
reveal.js
|
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8127
|
2024-11-21 14:38 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198167
|
7.5 |
HIGH
Network
|
yarnpkg
|
yarn
|
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install …
|
CWE-22
Path Traversal
|
CVE-2020-8131
|
2024-11-21 14:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198168
|
6.4 |
MEDIUM
Local
|
ruby-lang
debian
canonical
fedoraproject
opensuse
|
rake
debian_linux
ubuntu_linux
fedora
leap
|
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
|
CWE-78
OS Command
|
CVE-2020-8130
|
2024-11-21 14:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198169
|
6.5 |
MEDIUM
Network
|
puppet
|
puppet_agent
puppet
|
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infras…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-7942
|
2024-11-21 14:38 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198170
|
9.8 |
CRITICAL
Network
|
jyaml_project
|
jyaml
|
JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-8441
|
2024-11-21 14:38 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
