|
202291
|
4.3 |
MEDIUM
Network
|
jetbrains
|
teamcity
|
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
|
CWE-269
Improper Privilege Management
|
CVE-2020-7908
|
2024-11-21 14:37 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202292
|
7.5 |
HIGH
Network
|
jetbrains
|
rider
|
In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-7906
|
2024-11-21 14:37 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202293
|
7.5 |
HIGH
Network
|
jetbrains
|
intellij_idea
|
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.
|
NVD-CWE-noinfo
|
CVE-2020-7905
|
2024-11-21 14:37 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202294
|
7.4 |
HIGH
Network
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-7904
|
2024-11-21 14:37 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202295
|
7.2 |
HIGH
Network
|
fusionauth
|
fusionauth
|
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute …
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2020-7799
|
2024-11-21 14:37 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202296
|
8.8 |
HIGH
Network
|
codecov
|
nodejs_uploader
|
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
|
CWE-78
OS Command
|
CVE-2020-7596
|
2024-11-21 14:37 |
2020-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202297
|
7.5 |
HIGH
Network
|
xmlsoft
fedoraproject
canonical
debian
siemens
netapp
oracle
|
libxml2
fedora
ubuntu_linux
debian_linux
sinema_remote_connect_server
steelstore_cloud_integrated_storage
clustered_data_ontap
smi-s_provider
snapdrive
symantec_netbackup
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-7595
|
2024-11-21 14:37 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
202298
|
7.2 |
HIGH
Network
|
multitech
|
conduit_mtcdt-lvw2-246a_firmware
|
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metac…
|
CWE-78
OS Command
|
CVE-2020-7594
|
2024-11-21 14:37 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202299
|
4.8 |
MEDIUM
Network
|
sonoff
|
th10_firmware
th16_firmware
|
Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password).
|
CWE-79
Cross-site Scripting
|
CVE-2020-7470
|
2024-11-21 14:37 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202300
|
7.5 |
HIGH
Network
|
mozilla
|
bleach
|
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2020-6817
|
2024-11-21 14:36 |
2023-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
