|
211121
|
9.8 |
CRITICAL
Network
|
tendenci
|
tendenci
|
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14942
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211122
|
8.8 |
HIGH
Network
|
squirrelmail
|
squirrelmail
|
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14933
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211123
|
9.8 |
CRITICAL
Network
|
squirrelmail
|
squirrelmail
|
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14932
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211124
|
9.8 |
CRITICAL
Network
|
dmitry_project
|
dmitry
|
A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14931
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211125
|
8.1 |
HIGH
Network
|
bt_ctroms_terminal_project
|
bt_ctroms_terminal
|
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp req…
|
CWE-319
CWE-522
Cleartext Transmission of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2020-14930
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211126
|
7.5 |
HIGH
Network
|
alpine_project
fedoraproject
debian
|
alpine
fedora
debian_linux
|
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the…
|
NVD-CWE-Other
|
CVE-2020-14929
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211127
|
4.8 |
MEDIUM
Network
|
naviwebs
|
navigate_cms
|
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14927
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211128
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14926
|
2024-11-21 14:04 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211129
|
3.2 |
LOW
Local
|
qemu
fedoraproject
redhat
|
qemu
fedora
extra_packages_for_enterprise_linux
enterprise_linux
openstack_platform
|
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-14394
|
2024-11-21 14:03 |
2022-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211130
|
5.6 |
MEDIUM
Local
|
redhat
|
jboss_a-mq
|
A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure.
|
CWE-611
XXE
|
CVE-2020-14379
|
2024-11-21 14:03 |
2022-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
