|
198591
|
7.5 |
HIGH
Network
|
squid-cache
debian
canonical
opensuse
fedoraproject
|
squid
debian_linux
ubuntu_linux
leap
fedora
|
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security fi…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-8449
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198592
|
9.8 |
CRITICAL
Network
|
klona_project
|
klona
|
Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.
|
CWE-20
Improper Input Validation
|
CVE-2020-8125
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198593
|
5.3 |
MEDIUM
Network
|
url-parse_project
|
url-parse
|
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
|
CWE-20
Improper Input Validation
|
CVE-2020-8124
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198594
|
4.9 |
MEDIUM
Network
|
strapi
|
strapi
|
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8123
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198595
|
4.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.
|
CWE-20
Improper Input Validation
|
CVE-2020-8122
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198596
|
8.1 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-8121
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198597
|
6.1 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8120
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198598
|
4.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
|
CWE-863
Incorrect Authorization
|
CVE-2020-8119
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198599
|
5.0 |
MEDIUM
Network
|
nextcloud
novell
opensuse
|
nextcloud_server
suse_linux_enterprise_server
backports_sle
|
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8118
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198600
|
4.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-8117
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
