| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 211221 | 6.5 | MEDIUM | Network | dolibarr | dolibarr | Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" … | NVD-CWE-noinfo | CVE-2020-14201 | 2024-11-21 14:02 | 2020-08-22 |
| 211222 | 7.5 | HIGH | Network | zulip | zulip_server | Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. | CWE-269 Improper Privilege Management | CVE-2020-14215 | 2024-11-21 14:02 | 2020-08-21 |
| 211223 | 5.4 | MEDIUM | Network | zulip | zulip_server | Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. | CWE-269 Improper Privilege Management | CVE-2020-14194 | 2024-11-21 14:02 | 2020-08-21 |
| 211224 | 7.5 | HIGH | Network | apache debian | shiro debian_linux | Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | NVD-CWE-noinfo | CVE-2020-13933 | 2024-11-21 14:02 | 2020-08-18 |
| 211225 | 8.8 | HIGH | Network | apache | solr | Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-co… | CWE-20 Improper Input Validation | CVE-2020-13941 | 2024-11-21 14:02 | 2020-08-17 |
| 211226 | 4.3 | MEDIUM | Network | redhat | quay | An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot… | NVD-CWE-noinfo | CVE-2020-14313 | 2024-11-21 14:02 | 2020-08-11 |
| 211227 | 7.1 | HIGH | Network | redhat | cloudforms_management_engine | Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal netw… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-14296 | 2024-11-21 14:02 | 2020-08-11 |
| 211228 | 9.8 | CRITICAL | Network | apache | skywalking | **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | CWE-89 SQL Injection | CVE-2020-13921 | 2024-11-21 14:02 | 2020-08-5 |
| 211229 | 6.0 | MEDIUM | Local | gnu redhat opensuse canonical | grub2 enterprise_linux enterprise_linux_eus enterprise_linux_server_tus enterprise_linux_server_aus leap ubuntu_linux | There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow lead… | - | CVE-2020-14311 | 2024-11-21 14:02 | 2020-08-1 |
| 211230 | 6.0 | MEDIUM | Local | gnu redhat opensuse canonical | grub2 enterprise_linux enterprise_linux_eus enterprise_linux_server_tus enterprise_linux_server_aus leap ubuntu_linux | There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with bu… | CWE-190 Integer Overflow or Wraparound | CVE-2020-14310 | 2024-11-21 14:02 | 2020-08-1 |