|
208521
|
3.3 |
LOW
Local
|
imagemagick
debian
opensuse
|
imagemagick
debian_linux
leap
|
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
|
CWE-369
Divide By Zero
|
CVE-2020-27560
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208522
|
6.1 |
MEDIUM
Network
|
bigbluebutton
|
greenlight
|
A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27642
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208523
|
7.5 |
HIGH
Network
|
fastd_project
debian
fedoraproject
|
fastd
debian_linux
fedora
|
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.
|
CWE-617
Reachable Assertion
|
CVE-2020-27638
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208524
|
4.3 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address …
|
NVD-CWE-Other
|
CVE-2020-27621
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208525
|
6.1 |
MEDIUM
Network
|
mediawiki
|
skin\
|
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSoc…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27620
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208526
|
9.8 |
CRITICAL
Network
|
python
fedoraproject
oracle
|
python
fedora
communications_cloud_native_core_network_function_cloud_native_environment
|
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
|
NVD-CWE-noinfo
|
CVE-2020-27619
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208527
|
9.8 |
CRITICAL
Network
|
loginizer
|
loginizer
|
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.
|
CWE-89
SQL Injection
|
CVE-2020-27615
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208528
|
6.1 |
MEDIUM
Network
|
cminds
|
cm_download_manager
|
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27344
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208529
|
8.4 |
HIGH
Local
|
bigbluebutton
|
bigbluebutton
|
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-27613
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208530
|
4.3 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publis…
|
CWE-200
Information Exposure
|
CVE-2020-27612
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
