|
209981
|
7.3 |
HIGH
Local
|
anuko
|
time_tracker
|
In Anuko Time Tracker before version 1.19.23.5325, due to improperly filtered user input, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for exampl…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-15255
|
2024-11-21 14:05 |
2020-10-17 |
|
|
|
|
209982
|
8.8 |
HIGH
Network
|
xwiki
|
xwiki
|
In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantia…
|
CWE-74
Injection
|
CVE-2020-15252
|
2024-11-21 14:05 |
2020-10-17 |
|
|
|
|
209983
|
8.0 |
HIGH
Network
|
wire
|
wire
|
In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victim's machine by sending messages containing links with a…
|
-
|
CVE-2020-15258
|
2024-11-21 14:05 |
2020-10-17 |
|
|
|
|
209984
|
9.8 |
CRITICAL
Network
|
crossbeam_project
|
crossbeam
|
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity the same as th…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-15254
|
2024-11-21 14:05 |
2020-10-17 |
|
|
|
|
209985
|
4.8 |
MEDIUM
Network
|
grocy
|
grocy
|
Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries,…
|
-
|
CVE-2020-15253
|
2024-11-21 14:05 |
2020-10-15 |
|
|
|
|
209986
|
9.3 |
CRITICAL
Network
|
sylabs opensuse
|
singularity leap backports_sle
|
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`,…
|
-
|
CVE-2020-15229
|
2024-11-21 14:05 |
2020-10-15 |
|
|
|
|
209987
|
6.8 |
MEDIUM
Adjacent
|
openenclave
|
openenclave
|
In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host applicat…
|
NVD-CWE-Other
|
CVE-2020-15224
|
2024-11-21 14:05 |
2020-10-15 |
|
|
|
|
209988
|
6.5 |
MEDIUM
Network
|
mirahezebots
|
channelmgnt
|
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled…
|
CWE-862
Missing Authorization
|
CVE-2020-15251
|
2024-11-21 14:05 |
2020-10-14 |
|
|
|
|
209989
|
5.5 |
MEDIUM
Local
|
junit debian apache oracle
|
junit4 debian_linux pluto communications_cloud_native_core_policy
|
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared bet…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15250
|
2024-11-21 14:05 |
2020-10-13 |
|
|
|
|
209990
|
9.8 |
CRITICAL
Network
|
smartstore
|
smartstore
|
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plu…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15243
|
2024-11-21 14:05 |
2020-10-9 |
|
|
|