|
209121
|
8.2 |
HIGH
Network
|
prestashop
|
productcomments
|
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
|
CWE-89
SQL Injection
|
CVE-2020-26248
|
2024-11-21 14:19 |
2020-12-4 |
|
209122
|
6.5 |
MEDIUM
Network
|
pimcore
|
pimcore
|
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-26246
|
2024-11-21 14:19 |
2020-12-3 |
|
209123
|
6.8 |
MEDIUM
Network
|
python_openid_connect_project
|
python_openid_connect
|
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The iss…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-26244
|
2024-11-21 14:19 |
2020-12-3 |
|
209124
|
6.3 |
MEDIUM
Network
|
jupyter
|
oauthenticator
|
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which s…
|
CWE-863
Incorrect Authorization
|
CVE-2020-26250
|
2024-11-21 14:19 |
2020-12-2 |
|
209125
|
9.8 |
CRITICAL
Network
|
systeminformation
|
systeminformation
|
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitization to avoid prototype poll…
|
CWE-78
OS Command
|
CVE-2020-26245
|
2024-11-21 14:19 |
2020-11-28 |
|
209126
|
7.5 |
HIGH
Network
|
nanopb_project
|
nanopb
|
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding a specifically formed message can leak memory if dynamic allocation is enabled and an …
|
-
|
CVE-2020-26243
|
2024-11-21 14:19 |
2020-11-26 |
|
209127
|
6.5 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. I…
|
-
|
CVE-2020-26212
|
2024-11-21 14:19 |
2020-11-26 |
|
209128
|
7.5 |
HIGH
Network
|
ethereum
|
go_ethereum
|
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1…
|
NVD-CWE-noinfo
|
CVE-2020-26242
|
2024-11-21 14:19 |
2020-11-25 |
|
209129
|
7.1 |
HIGH
Network
|
ethereum
|
go_ethereum
|
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where …
|
-
|
CVE-2020-26241
|
2024-11-21 14:19 |
2020-11-25 |
|
209130
|
7.5 |
HIGH
Network
|
ethereum
|
go_ethereum
|
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate …
|
CWE-682
Incorrect Calculation
|
CVE-2020-26240
|
2024-11-21 14:19 |
2020-11-25 |