|
209641
|
9.8 |
CRITICAL
Network
|
tiki
|
tiki
|
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-15906
|
2024-11-21 14:06 |
2020-10-23 |
|
209642
|
7.5 |
HIGH
Network
|
netwrix
|
account_lockout_examiner
|
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in it…
|
CWE-200
Information Exposure
|
CVE-2020-15931
|
2024-11-21 14:06 |
2020-10-21 |
|
209643
|
7.3 |
HIGH
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-15822
|
2024-11-21 14:06 |
2020-10-20 |
|
209644
|
7.5 |
HIGH
Network
|
gopro
|
gpmf-parser
|
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.
|
CWE-369
Divide By Zero
|
CVE-2020-16161
|
2024-11-21 14:06 |
2020-10-20 |
|
209645
|
7.5 |
HIGH
Network
|
gopro
|
gpmf-parser
|
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.
|
CWE-369
Divide By Zero
|
CVE-2020-16160
|
2024-11-21 14:06 |
2020-10-20 |
|
209646
|
9.1 |
CRITICAL
Network
|
gopro
|
gpmf-parser
|
GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-16159
|
2024-11-21 14:06 |
2020-10-20 |
|
209647
|
8.8 |
HIGH
Network
|
gopro
|
gpmf-parser
|
GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-16158
|
2024-11-21 14:06 |
2020-10-20 |
|
209648
|
4.7 |
MEDIUM
Network
|
solarwinds
|
n-central
|
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with JavaScript. An attacker could send the user to a …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15910
|
2024-11-21 14:06 |
2020-10-19 |
|
209649
|
8.8 |
HIGH
Network
|
solarwinds
|
n-central
|
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such a…
|
CWE-384
Session Fixation
|
CVE-2020-15909
|
2024-11-21 14:06 |
2020-10-19 |
|
209650
|
7.2 |
HIGH
Network
|
gogs
|
gogs
|
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not …
|
NVD-CWE-noinfo
|
CVE-2020-15867
|
2024-11-21 14:06 |
2020-10-16 |
|