| No. | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 211251 | 9.9 | CRITICAL | Network | nodebb | nodebb | NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially … | CWE-287 Improper Authentication | CVE-2020-15149 | 2024-11-21 14:04 | 2020-08-20 |
| 211252 | 9.1 | CRITICAL | Network | contiki-ng | contiki-ng | Memory access out of buffer boundaries issues were discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified dur… | CWE-125 Out-of-bounds Read; CWE-787 Out-of-bounds Write | CVE-2020-14937 | 2024-11-21 14:04 | 2020-08-19 |
| 211253 | 9.8 | CRITICAL | Network | contiki-ng | contiki-ng | Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writi… | CWE-787 Out-of-bounds Write | CVE-2020-14936 | 2024-11-21 14:04 | 2020-08-19 |
| 211254 | 9.8 | CRITICAL | Network | contiki-ng | contiki-ng | Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input messa… | CWE-787 Out-of-bounds Write | CVE-2020-14935 | 2024-11-21 14:04 | 2020-08-19 |
| 211255 | 9.8 | CRITICAL | Network | contiki-ng | contiki-ng | Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the c… | CWE-787 Out-of-bounds Write | CVE-2020-14934 | 2024-11-21 14:04 | 2020-08-19 |
| 211256 | 9.1 | CRITICAL | Network | ftp-srv_project | ftp-srv | ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. ftp-srv versions before 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-15152 | 2024-11-21 14:04 | 2020-08-18 |
| 211257 | 9.0 | CRITICAL | Network | openapi-python-client_project | openapi-python-client | In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbit… | CWE-94 Code Injection | CVE-2020-15142 | 2024-11-21 14:04 | 2020-08-15 |
| 211258 | 4.1 | MEDIUM | Network | openapi-python-client_project | openapi-python-client | In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files t… | - | CVE-2020-15141 | 2024-11-21 14:04 | 2020-08-15 |
| 211259 | 8.2 | HIGH | Local | getcomposer | composer-setup | In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user ma… | - | CVE-2020-15145 | 2024-11-21 14:04 | 2020-08-15 |
| 211260 | 5.9 | MEDIUM | Physical | horndis_project | horndis | All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on… | CWE-190 Integer Overflow or Wraparound | CVE-2020-15137 | 2024-11-21 14:04 | 2020-08-13 |