|
209871
|
6.5 |
MEDIUM
Network
|
gnu
|
libredwg
|
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-15807
|
2024-11-21 14:06 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209872
|
8.1 |
HIGH
Network
|
graylog
|
graylog
|
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15813
|
2024-11-21 14:06 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209873
|
6.1 |
MEDIUM
Network
|
zabbix
fedoraproject
debian
opensuse
|
zabbix
fedora
debian_linux
leap
backports
|
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15803
|
2024-11-21 14:06 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209874
|
9.8 |
CRITICAL
Network
|
python
netapp
|
python
max_data
|
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file)…
|
CWE-426
Untrusted Search Path
|
CVE-2020-15801
|
2024-11-21 14:06 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209875
|
6.7 |
MEDIUM
Local
|
linux
opensuse
canonical
|
linux_kernel
leap
ubuntu_linux
|
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot…
|
CWE-862
Missing Authorization
|
CVE-2020-15780
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209876
|
7.5 |
HIGH
Network
|
socket.io-file_project
|
socket.io-file
|
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir an…
|
CWE-22
Path Traversal
|
CVE-2020-15779
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209877
|
6.1 |
MEDIUM
Network
|
rosariosis
|
rosariosis
|
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inac…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15718
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209878
|
6.1 |
MEDIUM
Network
|
rosariosis
|
rosariosis
|
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15717
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209879
|
6.1 |
MEDIUM
Network
|
rosariosis
|
rosariosis
|
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter i…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15716
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209880
|
6.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
|
CWE-352
Origin Validation Error
|
CVE-2020-15700
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
