|
210221
|
7.5 |
HIGH
Network
|
mit
fedoraproject
netapp
oracle
|
kerberos_5
fedora
cloud_backup
snapcenter
oncommand_workflow_automation
oncommand_insight
active_iq_unified_manager
communications_offline_mediation_controller
mysql_server
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite l…
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-28196
|
2024-11-21 14:22 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
210222
|
9.8 |
CRITICAL
Network
|
cellinx
|
nvt_web_server
|
Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side.
|
NVD-CWE-Other
|
CVE-2020-28250
|
2024-11-21 14:22 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210223
|
6.1 |
MEDIUM
Network
|
joplin_project
|
joplin
|
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28249
|
2024-11-21 14:22 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210224
|
6.5 |
MEDIUM
Network
|
maxmind
debian
fedoraproject
|
libmaxminddb
debian_linux
fedora
|
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-28241
|
2024-11-21 14:22 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210225
|
6.5 |
MEDIUM
Network
|
asterisk
sangoma
fedoraproject
debian
|
certified_asterisk
asterisk
fedora
debian_linux
|
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenge…
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-28242
|
2024-11-21 14:22 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210226
|
8.8 |
HIGH
Network
|
web-audimex
|
audimexee
|
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.
|
CWE-89
SQL Injection
|
CVE-2020-28115
|
2024-11-21 14:22 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210227
|
5.4 |
MEDIUM
Network
|
web-audimex
|
audimexee
|
AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbit…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28047
|
2024-11-21 14:22 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210228
|
9.8 |
CRITICAL
Network
|
git_large_file_storage_project
|
git_large_file_storage
|
Git LFS 2.12.0 allows Remote Code Execution.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-27955
|
2024-11-21 14:22 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210229
|
6.3 |
MEDIUM
Local
|
sddm_project
opensuse
debian
fedoraproject
|
sddm
leap
debian_linux
fedora
|
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server with…
|
CWE-362
Race Condition
|
CVE-2020-28049
|
2024-11-21 14:22 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210230
|
7.8 |
HIGH
Local
|
pax
|
prolinos
|
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid install…
|
CWE-269
Improper Privilege Management
|
CVE-2020-28046
|
2024-11-21 14:22 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
