|
201671
|
6.4 |
MEDIUM
Local
|
ruby-lang debian canonical fedoraproject opensuse
|
rake debian_linux ubuntu_linux fedora leap
|
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
|
CWE-78
OS Command
|
CVE-2020-8130
|
2024-11-21 14:38 |
2020-02-25 |
|
201672
|
6.5 |
MEDIUM
Network
|
puppet
|
puppet_agent puppet
|
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infras…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-7942
|
2024-11-21 14:38 |
2020-02-20 |
|
201673
|
9.8 |
CRITICAL
Network
|
jyaml_project
|
jyaml
|
JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-8441
|
2024-11-21 14:38 |
2020-02-20 |
|
201674
|
9.8 |
CRITICAL
Network
|
broadcom
|
unified_infrastructure_management
|
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitra…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-8012
|
2024-11-21 14:38 |
2020-02-18 |
|
201675
|
7.5 |
HIGH
Network
|
broadcom
|
unified_infrastructure_management
|
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash …
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-8011
|
2024-11-21 14:38 |
2020-02-18 |
|
201676
|
9.8 |
CRITICAL
Network
|
broadcom
|
unified_infrastructure_management
|
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute …
|
NVD-CWE-Other
|
CVE-2020-8010
|
2024-11-21 14:38 |
2020-02-18 |
|
201677
|
5.3 |
MEDIUM
Network
|
labvantage
|
labvantage
|
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-7959
|
2024-11-21 14:38 |
2020-02-18 |
|
201678
|
9.8 |
CRITICAL
Network
|
horde fedoraproject debian
|
groupware fedora debian_linux
|
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
|
CWE-94
Code Injection
|
CVE-2020-8518
|
2024-11-21 14:38 |
2020-02-18 |
|
201679
|
9.8 |
CRITICAL
Network
|
unitrends
|
backup
|
In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.
|
CWE-89
SQL Injection
|
CVE-2020-8427
|
2024-11-21 14:38 |
2020-02-18 |
|
201680
|
9.8 |
CRITICAL
Network
|
script-manager_project
|
script-manager
|
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code.
|
CWE-94
Code Injection
|
CVE-2020-8129
|
2024-11-21 14:38 |
2020-02-15 |