|
215431
|
7.5 |
HIGH
Network
|
dovecot
|
dovecot
|
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-10957
|
2024-11-21 13:56 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215432
|
8.8 |
HIGH
Network
|
typo3
|
typo3
|
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulner…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-11067
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215433
|
5.4 |
MEDIUM
Network
|
typo3
|
typo3
|
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality …
|
CWE-79
Cross-site Scripting
|
CVE-2020-11065
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215434
|
8.8 |
HIGH
Network
|
typo3
|
typo3
|
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can …
|
NVD-CWE-Other
|
CVE-2020-11069
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215435
|
5.4 |
MEDIUM
Network
|
typo3
|
typo3
|
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of o…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11064
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215436
|
3.7 |
LOW
Network
|
typo3
|
typo3
|
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enum…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-11063
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215437
|
10.0 |
CRITICAL
Network
|
typo3
|
typo3
|
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modifi…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-11066
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215438
|
7.8 |
HIGH
Local
|
autoswitch_python_virtualenv_project
|
autoswitch_python_virtualenv
|
In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.1…
|
CWE-22
Path Traversal
|
CVE-2020-11073
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215439
|
5.4 |
MEDIUM
Network
|
typo3
|
svg_sanitizer
|
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11070
|
2024-11-21 13:56 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215440
|
2.2 |
LOW
Network
|
freerdp
canonical
debian
|
freerdp
ubuntu_linux
debian_linux
|
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a …
|
-
|
CVE-2020-11058
|
2024-11-21 13:56 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
