|
209081
|
9.8 |
CRITICAL
Network
|
magic
debian
|
asyncpg
debian_linux
|
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized poi…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-17446
|
2024-11-21 14:08 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209082
|
9.8 |
CRITICAL
Network
|
vbulletin
|
vbulletin
|
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete …
|
CWE-74
Injection
|
CVE-2020-17496
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209083
|
7.5 |
HIGH
Network
|
django-celery-results_project
|
django-celery-results
|
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information th…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-17495
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209084
|
4.3 |
MEDIUM
Physics
|
gnome
debian
canonical
opensuse
|
gnome-shell
debian_linux
ubuntu_linux
leap
|
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-17489
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209085
|
7.5 |
HIGH
Network
|
radare
fedoraproject
|
radare2
fedora
|
radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_…
|
NVD-CWE-noinfo
|
CVE-2020-17487
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209086
|
9.8 |
CRITICAL
Network
|
turcom
|
trcwifizone
|
Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses.
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2020-17466
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209087
|
7.8 |
HIGH
Local
|
telegram
|
telegram_desktop
|
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an ex…
|
CWE-863
Incorrect Authorization
|
CVE-2020-17448
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209088
|
6.1 |
MEDIUM
Network
|
tiny
|
tinymce
|
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17480
|
2024-11-21 14:08 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209089
|
9.8 |
CRITICAL
Network
|
json_pattern_validator_project
|
json_pattern_validator
|
jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.
|
CWE-20
Improper Input Validation
|
CVE-2020-17479
|
2024-11-21 14:08 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209090
|
7.5 |
HIGH
Network
|
p5-crypt-perl_project
|
p5-crypt-perl
|
ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-17478
|
2024-11-21 14:08 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
