| 212361 | 6.1 | MEDIUM | Network | extremenetworks | extreme_management_center | Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. | CWE-79 Cross-site Scripting | CVE-2020-16847 | 2024-11-21 14:07 | 2020-08-5 |
| 212362 | 5.9 | MEDIUM | Network | amazon | firecracker | In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured wit… | NVD-CWE-noinfo | CVE-2020-16843 | 2024-11-21 14:07 | 2020-08-5 |
| 212363 | 9.1 | CRITICAL | Network | kee | keepassrpc | The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database vi… | CWE-20 Improper Input Validation | CVE-2020-16272 | 2024-11-21 14:07 | 2020-08-4 |
| 212364 | 9.1 | CRITICAL | Network | kee | keepassrpc | The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket … | CWE-330 Use of Insufficiently Random Values | CVE-2020-16271 | 2024-11-21 14:07 | 2020-08-4 |
| 212365 | 5.5 | MEDIUM | Local | radare fedoraproject | radare2 fedora | radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | NVD-CWE-noinfo | CVE-2020-16269 | 2024-11-21 14:07 | 2020-08-4 |
| 212366 | 8.8 | HIGH | Network | mozilla | thunderbird | During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | CWE-77 Command Injection | CVE-2020-15685 | 2024-11-21 14:06 | 2022-12-23 |
| 212367 | 7.6 | HIGH | Network | mozilla | vpn | An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as … | CWE-384 Session Fixation | CVE-2020-15679 | 2024-11-21 14:06 | 2022-12-23 |
| 212368 | 5.3 | MEDIUM | Network | fedoraproject | supybot-fedora | supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time. | NVD-CWE-noinfo | CVE-2020-15853 | 2024-11-21 14:06 | 2022-10-18 |
| 212369 | 6.1 | MEDIUM | Network | redhat | bodhi | Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. | CWE-79 Cross-site Scripting | CVE-2020-15855 | 2024-11-21 14:06 | 2022-10-8 |
| 212370 | 7.5 | HIGH | Network | lemonldap-ng debian | lemonldap\ debian_linux | In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::L… | CWE-295 Improper Certificate Validation | CVE-2020-16093 | 2024-11-21 14:06 | 2022-07-18 |