|
202481
|
7.5 |
HIGH
Network
|
jetbrains
|
rider
|
In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-7906
|
2024-11-21 14:37 |
2020-01-31 |
|
202482
|
7.5 |
HIGH
Network
|
jetbrains
|
intellij_idea
|
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.
|
NVD-CWE-noinfo
|
CVE-2020-7905
|
2024-11-21 14:37 |
2020-01-31 |
|
202483
|
7.4 |
HIGH
Network
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-7904
|
2024-11-21 14:37 |
2020-01-31 |
|
202484
|
7.2 |
HIGH
Network
|
fusionauth
|
fusionauth
|
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute …
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2020-7799
|
2024-11-21 14:37 |
2020-01-28 |
|
202485
|
8.8 |
HIGH
Network
|
codecov
|
nodejs_uploader
|
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
|
CWE-78
OS Command
|
CVE-2020-7596
|
2024-11-21 14:37 |
2020-01-26 |
|
202486
|
7.5 |
HIGH
Network
|
xmlsoft, fedoraproject, canonical, debian, siemens, netapp, oracle
|
libxml2, fedora, ubuntu_linux, debian_linux, sinema_remote_connect_server, steelstore_cloud_integrated_storage, clustered_data_ontap, smi-s_provider, snapdrive, symantec_netbackup
|
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-7595
|
2024-11-21 14:37 |
2020-01-22 |
|
202487
|
7.2 |
HIGH
Network
|
multitech
|
conduit_mtcdt-lvw2-246a_firmware
|
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metac…
|
CWE-78
OS Command
|
CVE-2020-7594
|
2024-11-21 14:37 |
2020-01-22 |
|
202488
|
4.8 |
MEDIUM
Network
|
sonoff
|
th10_firmware, th16_firmware
|
Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allow XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password).
|
CWE-79
Cross-site Scripting
|
CVE-2020-7470
|
2024-11-21 14:37 |
2020-01-22 |
|
202489
|
7.5 |
HIGH
Network
|
mozilla
|
bleach
|
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2020-6817
|
2024-11-21 14:36 |
2023-02-17 |
|
202490
|
9.8 |
CRITICAL
Network
|
seagate
|
stcg2000300_firmware, stcg3000300_firmware, stcg4000300_firmware
|
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_help…
|
CWE-78
OS Command
|
CVE-2020-6627
|
2024-11-21 14:36 |
2022-12-7 |