|
214851
|
9.8 |
CRITICAL
Network
|
crossbeam_project
|
crossbeam
|
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as th…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-15254
|
2024-11-21 14:05 |
2020-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214852
|
4.8 |
MEDIUM
Network
|
grocy
|
grocy
|
Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries,…
|
-
|
CVE-2020-15253
|
2024-11-21 14:05 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214853
|
9.3 |
CRITICAL
Network
|
sylabs
opensuse
|
singularity
leap
backports_sle
|
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`,…
|
-
|
CVE-2020-15229
|
2024-11-21 14:05 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214854
|
6.8 |
MEDIUM
Adjacent
|
openenclave
|
openenclave
|
In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host applicat…
|
NVD-CWE-Other
|
CVE-2020-15224
|
2024-11-21 14:05 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214855
|
6.5 |
MEDIUM
Network
|
mirahezebots
|
channelmgnt
|
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled…
|
CWE-862
Missing Authorization
|
CVE-2020-15251
|
2024-11-21 14:05 |
2020-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214856
|
5.5 |
MEDIUM
Local
|
junit
debian
apache
oracle
|
junit4
debian_linux
pluto
communications_cloud_native_core_policy
|
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared bet…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15250
|
2024-11-21 14:05 |
2020-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214857
|
9.8 |
CRITICAL
Network
|
smartstore
|
smartstore
|
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plu…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15243
|
2024-11-21 14:05 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214858
|
6.1 |
MEDIUM
Network
|
typo3
|
fluid_engine
typo3
|
TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional oper…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15241
|
2024-11-21 14:05 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214859
|
6.1 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. …
|
-
|
CVE-2020-15242
|
2024-11-21 14:05 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214860
|
5.9 |
MEDIUM
Network
|
mozilla
|
thunderbird
|
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunde…
|
NVD-CWE-noinfo
|
CVE-2020-15646
|
2024-11-21 14:05 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
