|
197631
|
5.9 |
MEDIUM
Network
|
misp
|
misp
|
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
|
NVD-CWE-noinfo
|
CVE-2020-8891
|
2024-11-21 14:39 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197632
|
5.9 |
MEDIUM
Network
|
misp
|
misp
|
An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of …
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-8890
|
2024-11-21 14:39 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197633
|
7.5 |
HIGH
Network
|
xnau
|
participants_database
|
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy pa…
|
CWE-89
SQL Injection
|
CVE-2020-8596
|
2024-11-21 14:39 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197634
|
8.8 |
HIGH
Network
|
testlink
|
testlink
|
An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2020-8841
|
2024-11-21 14:39 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197635
|
9.8 |
CRITICAL
Network
|
fasterxml
debian
netapp
huawei
oracle
|
jackson-databind
debian_linux
steelstore_cloud_integrated_storage
oncommand_workflow_automation
service_level_manager
oncommand_api_services
oceanstor_9000_firmware
global_lifecy…
|
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-8840
|
2024-11-21 14:39 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197636
|
5.4 |
MEDIUM
Network
|
vanillaforums
|
vanilla
|
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8825
|
2024-11-21 14:39 |
2020-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197637
|
6.1 |
MEDIUM
Network
|
sockjs_project
|
sockjs
|
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8823
|
2024-11-21 14:39 |
2020-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197638
|
4.8 |
MEDIUM
Network
|
digi
|
transport_wr21_firmware
transport_wr44_firmware
|
Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8822
|
2024-11-21 14:39 |
2020-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197639
|
5.4 |
MEDIUM
Network
|
bludit
|
bludit
|
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8812
|
2024-11-21 14:39 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197640
|
4.3 |
MEDIUM
Network
|
bludit
|
bludit
|
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
|
CWE-862
Missing Authorization
|
CVE-2020-8811
|
2024-11-21 14:39 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
