|
211381
|
6.1 |
MEDIUM
Network
|
roundcube
debian
fedoraproject
|
webmail
debian_linux
fedora
|
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13965
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211382
|
6.1 |
MEDIUM
Network
|
roundcube
fedoraproject
debian
|
webmail
fedora
debian_linux
|
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13964
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211383
|
7.5 |
HIGH
Network
|
mumble
qt
fedoraproject
opensuse
|
mumble
qt
fedora
leap
|
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors le…
|
NVD-CWE-noinfo
|
CVE-2020-13962
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211384
|
7.5 |
HIGH
Network
|
dlink
|
dsl-2730u_firmware
dir-600m_firmware
|
D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (a…
|
NVD-CWE-noinfo
|
CVE-2020-13960
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211385
|
7.8 |
HIGH
Local
|
citrix
|
workspace_app
|
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13885
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211386
|
7.8 |
HIGH
Local
|
citrix
|
workspace_app
|
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13884
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211387
|
7.8 |
HIGH
Local
|
qbik
|
wingate
|
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-13866
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211388
|
7.3 |
HIGH
Local
|
solarwinds
|
advanced_monitoring_agent
|
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-13912
|
2024-11-21 14:02 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211389
|
9.1 |
CRITICAL
Network
|
pengutronix
|
barebox
|
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds che…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13910
|
2024-11-21 14:02 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211390
|
9.8 |
CRITICAL
Network
|
facade
|
ignition
|
The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021…
|
NVD-CWE-noinfo
|
CVE-2020-13909
|
2024-11-21 14:02 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
