|
210511
|
9.1 |
CRITICAL
Network
|
ftp-srv_project
|
ftp-srv
|
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-15152
|
2024-11-21 14:04 |
2020-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210512
|
9.0 |
CRITICAL
Network
|
openapi-python-client_project
|
openapi-python-client
|
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbit…
|
CWE-94
Code Injection
|
CVE-2020-15142
|
2024-11-21 14:04 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210513
|
4.1 |
MEDIUM
Network
|
openapi-python-client_project
|
openapi-python-client
|
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files t…
|
-
|
CVE-2020-15141
|
2024-11-21 14:04 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210514
|
8.2 |
HIGH
Local
|
getcomposer
|
composer-setup
|
In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user ma…
|
-
|
CVE-2020-15145
|
2024-11-21 14:04 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210515
|
5.9 |
MEDIUM
Physics
|
horndis_project
|
horndis
|
All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-15137
|
2024-11-21 14:04 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210516
|
6.1 |
MEDIUM
Network
|
getsymphony
|
symphony
|
content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15071
|
2024-11-21 14:04 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210517
|
7.8 |
HIGH
Local
|
evga
winring0_project
|
precision_x1
winring0
|
The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allow…
|
NVD-CWE-noinfo
|
CVE-2020-14979
|
2024-11-21 14:04 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210518
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
|
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be expl…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15139
|
2024-11-21 14:04 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210519
|
6.5 |
MEDIUM
Adjacent
|
digitus
|
da-70254_firmware
|
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-15065
|
2024-11-21 14:04 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210520
|
4.3 |
MEDIUM
Adjacent
|
digitus
|
da-70254_firmware
|
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted se…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15064
|
2024-11-21 14:04 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
