|
210491
|
5.0 |
MEDIUM
Network
|
toolkit_project
|
toolkit
|
In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows …
|
CWE-77
Command Injection
|
CVE-2020-15228
|
2024-11-21 14:05 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210492
|
7.5 |
HIGH
Network
|
re-desk
|
re\
|
Re:Desk 2.3 allows insecure file upload.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-15488
|
2024-11-21 14:05 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210493
|
4.3 |
MEDIUM
Network
|
zohocorp
|
application_control_plus
|
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) al…
|
NVD-CWE-noinfo
|
CVE-2020-15595
|
2024-11-21 14:05 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210494
|
4.3 |
MEDIUM
Network
|
zohocorp
|
application_control_plus
|
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-15594
|
2024-11-21 14:05 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210495
|
9.8 |
CRITICAL
Network
|
re-desk
|
re\
|
Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possib…
|
CWE-89
SQL Injection
|
CVE-2020-15487
|
2024-11-21 14:05 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210496
|
6.5 |
MEDIUM
Network
|
goxmldsig_project
fedoraproject
|
goxmldsig
fedora
|
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered fi…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-15216
|
2024-11-21 14:05 |
2020-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210497
|
6.5 |
MEDIUM
Network
|
google
opensuse
|
tensorflow
leap
|
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-15210
|
2024-11-21 14:05 |
2020-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210498
|
7.5 |
HIGH
Network
|
google
opensuse
|
tensorflow
leap
|
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability …
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-15203
|
2024-11-21 14:05 |
2020-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210499
|
8.8 |
HIGH
Network
|
google
opensuse
|
tensorflow
leap
|
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-15195
|
2024-11-21 14:05 |
2020-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210500
|
8.1 |
HIGH
Network
|
google
|
tensorflow
|
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids a…
|
-
|
CVE-2020-15214
|
2024-11-21 14:05 |
2020-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
