|
209471
|
7.5 |
HIGH
Network
|
golang opensuse debian fedoraproject
|
go leap debian_linux fedora
|
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-16845
|
2024-11-21 14:07 |
2020-08-7 |
|
|
|
|
209472
|
7.4 |
HIGH
Network
|
nlnetlabs
|
routinator
|
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-17366
|
2024-11-21 14:07 |
2020-08-6 |
|
|
|
|
209473
|
6.1 |
MEDIUM
Network
|
chartkick_project
|
chartkick
|
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
|
CWE-74
Injection
|
CVE-2020-16254
|
2024-11-21 14:07 |
2020-08-6 |
|
|
|
|
209474
|
6.1 |
MEDIUM
Network
|
usvn
|
user-friendly_svn
|
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17364
|
2024-11-21 14:07 |
2020-08-6 |
|
|
|
|
209475
|
9.8 |
CRITICAL
Network
|
lilypond fedoraproject debian opensuse
|
lilypond fedora debian_linux leap backports_sle
|
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous …
|
NVD-CWE-noinfo
|
CVE-2020-17353
|
2024-11-21 14:07 |
2020-08-5 |
|
|
|
|
209476
|
8.1 |
HIGH
Network
|
pghero_project
|
pghero
|
The PgHero gem through 2.6.0 for Ruby allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2020-16253
|
2024-11-21 14:07 |
2020-08-5 |
|
|
|
|
209477
|
4.3 |
MEDIUM
Network
|
field_test_project
|
field_test
|
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2020-16252
|
2024-11-21 14:07 |
2020-08-5 |
|
|
|
|
209478
|
6.1 |
MEDIUM
Network
|
extremenetworks
|
extreme_management_center
|
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
|
CWE-79
Cross-site Scripting
|
CVE-2020-16847
|
2024-11-21 14:07 |
2020-08-5 |
|
|
|
|
209479
|
5.9 |
MEDIUM
Network
|
amazon
|
firecracker
|
In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured wit…
|
NVD-CWE-noinfo
|
CVE-2020-16843
|
2024-11-21 14:07 |
2020-08-5 |
|
|
|
|
209480
|
9.1 |
CRITICAL
Network
|
kee
|
keepassrpc
|
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database vi…
|
CWE-20
Improper Input Validation
|
CVE-2020-16272
|
2024-11-21 14:07 |
2020-08-4 |
|
|
|