|
209731
|
4.3 |
MEDIUM
Network
|
octopus
|
server octopus_server
|
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentia…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-16197
|
2024-11-21 14:06 |
2020-08-26 |
|
209732
|
7.8 |
HIGH
Local
|
gradle
|
maven
|
An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-15777
|
2024-11-21 14:06 |
2020-08-26 |
|
209733
|
6.4 |
MEDIUM
Physical
|
thalesgroup
|
bgs5_firmware ehs5_firmware ehs8_firmware ehs6_firmware pds5_firmware pds6_firmware els61_firmware els81_firmware pls62_firmware
|
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be…
|
CWE-22
Path Traversal
|
CVE-2020-15858
|
2024-11-21 14:06 |
2020-08-22 |
|
209734
|
7.8 |
HIGH
Local
|
net-snmp canonical netapp
|
net-snmp ubuntu_linux cloud_backup smi-s_provider solidfire hci_management_node
|
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
|
CWE-269
Improper Privilege Management
|
CVE-2020-15862
|
2024-11-21 14:06 |
2020-08-20 |
|
209735
|
7.8 |
HIGH
Local
|
net-snmp canonical netapp
|
net-snmp ubuntu_linux cloud_backup smi-s_provider solidfire_\&_hci_management_node
|
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
|
CWE-59
Link Following
|
CVE-2020-15861
|
2024-11-21 14:06 |
2020-08-20 |
|
209736
|
6.1 |
MEDIUM
Network
|
rocket.chat
|
rocket.chat
|
Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15926
|
2024-11-21 14:06 |
2020-08-19 |
|
209737
|
9.8 |
CRITICAL
Network
|
stimulsoft
|
reports
|
A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and …
|
CWE-94
Code Injection
|
CVE-2020-15865
|
2024-11-21 14:06 |
2020-08-19 |
|
209738
|
7.5 |
HIGH
Network
|
nim-lang
|
nim
|
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a n…
|
CWE-20
Improper Input Validation
|
CVE-2020-15694
|
2024-11-21 14:06 |
2020-08-15 |
|
209739
|
6.5 |
MEDIUM
Network
|
nim-lang
|
nim
|
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as h…
|
CWE-74
Injection
|
CVE-2020-15693
|
2024-11-21 14:06 |
2020-08-15 |
|
209740
|
9.8 |
CRITICAL
Network
|
nim-lang
|
nim
|
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker…
|
CWE-88
Argument Injection
|
CVE-2020-15692
|
2024-11-21 14:06 |
2020-08-15 |