| No. | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 210651 | 9.8 | CRITICAL | Network | jsrsasign_project netapp | jsrsasign max_data | An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertext… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2020-14967 | 2024-11-21 14:04 | 2020-06-22 |
| 210652 | 7.5 | HIGH | Network | jsrsasign_project netapp | jsrsasign max_data | An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appe… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2020-14966 | 2024-11-21 14:04 | 2020-06-22 |
| 210653 | 5.4 | MEDIUM | Network | machothemes | image_photo_gallery_final_tiles_grid | Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka… | CWE-79 Cross-site Scripting | CVE-2020-14962 | 2024-11-21 14:04 | 2020-06-22 |
| 210654 | 5.3 | MEDIUM | Network | concretecms | concrete_cms | Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | NVD-CWE-noinfo | CVE-2020-14961 | 2024-11-21 14:04 | 2020-06-22 |
| 210655 | 7.2 | HIGH | Network | php-fusion | php-fusion | A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, | CWE-89 SQL Injection | CVE-2020-14960 | 2024-11-21 14:04 | 2020-06-22 |
| 210656 | 5.4 | MEDIUM | Network | goldplugins | easy_testimonials | Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, We… | CWE-79 Cross-site Scripting | CVE-2020-14959 | 2024-11-21 14:04 | 2020-06-22 |
| 210657 | 6.5 | MEDIUM | Network | gogs | gogs | In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. | CWE-281 Improper Preservation of Permissions | CVE-2020-14958 | 2024-11-21 14:04 | 2020-06-22 |
| 210658 | 5.9 | MEDIUM | Network | mutt debian neomutt fedoraproject canonical opensuse | mutt debian_linux neomutt fedora ubuntu_linux leap | Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g.,… | CWE-74 Injection | CVE-2020-14954 | 2024-11-21 14:04 | 2020-06-22 |
| 210659 | 8.8 | HIGH | Network | aapanel | aapanel | aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setti… | CWE-78 OS Command | CVE-2020-14950 | 2024-11-21 14:04 | 2020-06-22 |
| 210660 | 9.8 | CRITICAL | Network | tendenci | tendenci | Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. | CWE-502 Deserialization of Untrusted Data | CVE-2020-14942 | 2024-11-21 14:04 | 2020-06-22 |