|
198101
|
5.3 |
MEDIUM
Network
|
mirumee
|
saleor
|
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-7964
|
2024-11-21 14:38 |
2020-01-25 |
|
|
|
|
198102
|
9.8 |
CRITICAL
Network
|
plone
|
plone
|
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
|
NVD-CWE-noinfo
|
CVE-2020-7941
|
2024-11-21 14:38 |
2020-01-24 |
|
|
|
|
198103
|
7.5 |
HIGH
Network
|
plone
|
plone
|
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
|
CWE-521
Weak Password Requirements
|
CVE-2020-7940
|
2024-11-21 14:38 |
2020-01-24 |
|
|
|
|
198104
|
8.8 |
HIGH
Network
|
plone
|
plone
|
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
|
CWE-89
SQL Injection
|
CVE-2020-7939
|
2024-11-21 14:38 |
2020-01-24 |
|
|
|
|
198105
|
8.8 |
HIGH
Network
|
plone
|
plone
|
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.
|
NVD-CWE-noinfo
|
CVE-2020-7938
|
2024-11-21 14:38 |
2020-01-24 |
|
|
|
|
198106
|
5.4 |
MEDIUM
Network
|
plone
|
plone
|
An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
|
CWE-79
Cross-site Scripting
|
CVE-2020-7937
|
2024-11-21 14:38 |
2020-01-24 |
|
|
|
|
198107
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redire…
|
CWE-601
Open Redirect
|
CVE-2020-7936
|
2024-11-21 14:38 |
2020-01-24 |
|
|
|
|
198108
|
8.8 |
HIGH
Network
|
jfrog
|
artifactory
|
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions be…
|
NVD-CWE-noinfo
|
CVE-2020-7931
|
2024-11-21 14:38 |
2020-01-24 |
|
|
|
|
198109
|
4.8 |
MEDIUM
Network
|
eaton
|
5p_850_firmware
|
An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator.
|
CWE-79
Cross-site Scripting
|
CVE-2020-7915
|
2024-11-21 14:38 |
2020-01-23 |
|
|
|
|
198110
|
9.8 |
CRITICAL
Network
|
get-npm-package-version_project
|
get-npm-package-version
|
The package get-npm-package-version before 1.0.7 is vulnerable to Command Injection via the main function in index.js.
|
CWE-77
Command Injection
|
CVE-2020-7795
|
2024-11-21 14:37 |
2022-08-2 |
|
|
|