|
209791
|
8.0 |
HIGH
Adjacent
|
swisscom
|
internet-box_2_firmware internet-box_standard_firmware internet-box_plus_firmware internet-box_3_firmware internet-box_light_firmware
|
An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Given the (…
|
NVD-CWE-noinfo
|
CVE-2020-16134
|
2024-11-21 14:06 |
2020-08-5 |
|
209792
|
3.3 |
LOW
Local
|
kde debian fedoraproject opensuse canonical
|
ark debian_linux fedora leap ubuntu_linux
|
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
|
CWE-22
Path Traversal
|
CVE-2020-16116
|
2024-11-21 14:06 |
2020-08-4 |
|
209793
|
6.1 |
MEDIUM
Network
|
tiki
|
tiki
|
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-16131
|
2024-11-21 14:06 |
2020-08-4 |
|
209794
|
8.8 |
HIGH
Network
|
sonatype
|
nexus_repository_manager_3
|
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.
|
NVD-CWE-noinfo
|
CVE-2020-15871
|
2024-11-21 14:06 |
2020-08-1 |
|
209795
|
6.1 |
MEDIUM
Network
|
sonatype
|
nexus_repository_manager_3
|
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2).
|
CWE-79
Cross-site Scripting
|
CVE-2020-15870
|
2024-11-21 14:06 |
2020-08-1 |
|
209796
|
5.4 |
MEDIUM
Network
|
sonatype
|
nexus_repository_manager_3
|
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).
|
CWE-79
Cross-site Scripting
|
CVE-2020-15869
|
2024-11-21 14:06 |
2020-08-1 |
|
209797
|
7.7 |
HIGH
Network
|
tgstation13
|
tgstation-server
|
In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory t…
|
CWE-22
Path Traversal
|
CVE-2020-16136
|
2024-11-21 14:06 |
2020-08-1 |
|
209798
|
9.8 |
CRITICAL
Network
|
springblade_project
|
springblade
|
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
|
CWE-89
SQL Injection
|
CVE-2020-16165
|
2024-11-21 14:06 |
2020-07-31 |
|
209799
|
7.4 |
HIGH
Network
|
ripe
|
rpki_validator_3
|
An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent rou…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-16164
|
2024-11-21 14:06 |
2020-07-31 |
|
209800
|
9.1 |
CRITICAL
Network
|
ripe
|
rpki_validator_3
|
An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-16163
|
2024-11-21 14:06 |
2020-07-31 |
|