|
210561
|
5.4 |
MEDIUM
Network
|
torchbox
|
wagtail
|
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard …
|
CWE-79
Cross-site Scripting
|
CVE-2020-15118
|
2024-11-21 14:04 |
2020-07-21 |
|
|
|
|
210562
|
5.4 |
MEDIUM
Network
|
gofiber
|
fiber
|
In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and is therefore vulnerable to a CRLF injection attack. I.e. an att…
|
CWE-74
Injection
|
CVE-2020-15111
|
2024-11-21 14:04 |
2020-07-21 |
|
|
|
|
210563
|
7.8 |
HIGH
Local
|
asus
|
screenpad2_upgrade_tool
|
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned cod…
|
CWE-426
Untrusted Search Path
|
CVE-2020-15009
|
2024-11-21 14:04 |
2020-07-20 |
|
|
|
|
210564
|
8.1 |
HIGH
Network
|
jupyterhub
|
kubespawner
|
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. T…
|
CWE-863
Incorrect Authorization
|
CVE-2020-15110
|
2024-11-21 14:04 |
2020-07-18 |
|
|
|
|
210565
|
7.1 |
HIGH
Network
|
glpi-project
|
glpi
|
In glpi before 9.5.1, there is a SQL injection for all usages of the "Clone" feature. This has been fixed in 9.5.1.
|
CWE-89
SQL Injection
|
CVE-2020-15108
|
2024-11-21 14:04 |
2020-07-18 |
|
|
|
|
210566
|
5.9 |
MEDIUM
Network
|
gnome debian fedoraproject canonical
|
evolution-data-server debian_linux fedora ubuntu_linux
|
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS c…
|
CWE-74
Injection
|
CVE-2020-14928
|
2024-11-21 14:04 |
2020-07-18 |
|
|
|
|
210567
|
9.8 |
CRITICAL
Network
|
connectwise
|
automate
|
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix fo…
|
CWE-287
Improper Authentication
|
CVE-2020-15027
|
2024-11-21 14:04 |
2020-07-17 |
|
|
|
|
210568
|
6.1 |
MEDIUM
Network
|
articatech
|
artica_proxy
|
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task …
|
CWE-79
Cross-site Scripting
|
CVE-2020-15051
|
2024-11-21 14:04 |
2020-07-16 |
|
|
|
|
210569
|
6.5 |
MEDIUM
Network
|
kronos
|
web_time_and_attendance
|
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Su…
|
CWE-89
SQL Injection
|
CVE-2020-14982
|
2024-11-21 14:04 |
2020-07-16 |
|
|
|
|
210570
|
5.3 |
MEDIUM
Local
|
openenclave
|
openenclave
|
In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for …
|
NVD-CWE-noinfo
|
CVE-2020-15107
|
2024-11-21 14:04 |
2020-07-16 |
|
|
|