|
210941
|
10.0 |
CRITICAL
Network
|
yiiframework
|
yii
|
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaro…
|
-
|
CVE-2020-15148
|
2024-11-21 14:04 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210942
|
6.6 |
MEDIUM
Network
|
xwiki
|
xwiki
|
In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instant…
|
CWE-74
Injection
|
CVE-2020-15171
|
2024-11-21 14:04 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210943
|
5.5 |
MEDIUM
Local
|
avast
|
antivirus
|
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a log…
|
CWE-212
CWE-459
Improper Removal of Sensitive Information Before Storage or Transfer
Incomplete Cleanup
|
CVE-2020-15024
|
2024-11-21 14:04 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210944
|
6.1 |
MEDIUM
Network
|
action_view_project
debian
fedoraproject
|
action_view
debian_linux
fedora
|
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default…
|
-
|
CVE-2020-15169
|
2024-11-21 14:04 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210945
|
7.5 |
HIGH
Network
|
zeromq
fedoraproject
debian
|
libzmq
fedora
debian_linux
|
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and con…
|
-
|
CVE-2020-15166
|
2024-11-21 14:04 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210946
|
7.0 |
HIGH
Network
|
ctrip
|
apollo
|
apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet(which is not recommended), there are potential security issues since apoll…
|
NVD-CWE-Other
|
CVE-2020-15170
|
2024-11-21 14:04 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210947
|
5.3 |
MEDIUM
Network
|
node-fetch_project
|
node-fetch
|
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get throw…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-15168
|
2024-11-21 14:04 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210948
|
8.2 |
HIGH
Network
|
linuxfoundation
|
the_update_framework
|
Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This al…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-15163
|
2024-11-21 14:04 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210949
|
8.6 |
HIGH
Local
|
johnkerl
|
miller
|
In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc`…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-15167
|
2024-11-21 14:04 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210950
|
8.8 |
HIGH
Network
|
sensiolabs
fedoraproject
|
httpclient
symfony
fedora
|
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X…
|
-
|
CVE-2020-15094
|
2024-11-21 14:04 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
