|
210601
|
5.3 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible…
|
CWE-862
Missing Authorization
|
CVE-2020-15080
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210602
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
|
NVD-CWE-noinfo
|
CVE-2020-15079
|
2024-11-21 14:04 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210603
|
8.8 |
HIGH
Network
|
factorfx
|
open_computer_software_inventory_next_generation
|
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandl…
|
CWE-78
OS Command
|
CVE-2020-14947
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210604
|
8.8 |
HIGH
Network
|
squid-cache
fedoraproject
|
squid
fedora
|
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-15049
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210605
|
8.8 |
HIGH
Network
|
prestosql
|
presto
|
In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication conf…
|
NVD-CWE-Other
|
CVE-2020-15087
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210606
|
6.1 |
MEDIUM
Local
|
mirumee
|
saleor
|
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with…
|
-
|
CVE-2020-15085
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210607
|
9.1 |
CRITICAL
Network
|
auth0
|
express-jwt
|
In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, wi…
|
CWE-863
Incorrect Authorization
|
CVE-2020-15084
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210608
|
7.8 |
HIGH
Local
|
arswp
|
windows_cleanup_assistant
|
In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…
|
CWE-20
Improper Input Validation
|
CVE-2020-14957
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210609
|
7.8 |
HIGH
Local
|
arswp
|
windows_cleanup_assistant
|
In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…
|
CWE-20
Improper Input Validation
|
CVE-2020-14956
|
2024-11-21 14:04 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210610
|
9.8 |
CRITICAL
Network
|
sophos
|
xg_firewall_firmware
|
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-15069
|
2024-11-21 14:04 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
