| 197601 | 7.5 | HIGH Network | nextcloud | nextcloud_server | A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user. | CWE-400 Uncontrolled Resource Consumption | CVE-2020-8295 | 2024-11-21 14:38 | 2021-01-27 |
| 197602 | 6.5 | MEDIUM Network | nextcloud | nextcloud_server | A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage wi… | CWE-400 Uncontrolled Resource Consumption | CVE-2020-8293 | 2024-11-21 14:38 | 2021-01-27 |
| 197603 | 5.4 | MEDIUM Network | rocket.chat | rocket.chat | Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. | CWE-79 Cross-site Scripting | CVE-2020-8292 | 2024-11-21 14:38 | 2021-01-27 |
| 197604 | 5.4 | MEDIUM Network | rocket.chat | rocket.chat | The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. | CWE-79 Cross-site Scripting | CVE-2020-8288 | 2024-11-21 14:38 | 2021-01-27 |
| 197605 | 6.5 | MEDIUM Network | nodejs debian fedoraproject oracle siemens | node.js debian_linux fedora graalvm sinec_infrastructure_network_services | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies th… | CWE-444 HTTP Request Smuggling | CVE-2020-8287 | 2024-11-21 14:38 | 2021-01-7 |
| 197606 | 5.4 | MEDIUM Network | nextcloud | contacts | A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks. | CWE-79 Cross-site Scripting | CVE-2020-8281 | 2024-11-21 14:38 | 2021-01-7 |
| 197607 | 5.4 | MEDIUM Network | nextcloud | contacts | A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks. | CWE-79 Cross-site Scripting | CVE-2020-8280 | 2024-11-21 14:38 | 2021-01-7 |
| 197608 | 4.3 | MEDIUM Network | citrix | secure_mail | Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicio… | CWE-269 Improper Privilege Management | CVE-2020-8275 | 2024-11-21 14:38 | 2021-01-7 |
| 197609 | 6.5 | MEDIUM Network | citrix | secure_mail | Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note th… | CWE-94 Code Injection | CVE-2020-8274 | 2024-11-21 14:38 | 2021-01-7 |
| 197610 | 6.1 | MEDIUM Network | rubyonrails | rails | In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL whic… | CWE-79 Cross-site Scripting | CVE-2020-8264 | 2024-11-21 14:38 | 2021-01-7 |