|
209341
|
5.3 |
MEDIUM
Network
|
jetbrains
|
teamcity
|
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.
|
NVD-CWE-noinfo
|
CVE-2020-27629
|
2024-11-21 14:21 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209342
|
4.3 |
MEDIUM
Network
|
jetbrains
|
teamcity
|
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
|
NVD-CWE-noinfo
|
CVE-2020-27628
|
2024-11-21 14:21 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209343
|
5.3 |
MEDIUM
Network
|
jetbrains
|
youtrack
|
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-27626
|
2024-11-21 14:21 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209344
|
5.3 |
MEDIUM
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
|
NVD-CWE-noinfo
|
CVE-2020-27625
|
2024-11-21 14:21 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209345
|
5.3 |
MEDIUM
Network
|
jetbrains
|
youtrack
|
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-27624
|
2024-11-21 14:21 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209346
|
6.1 |
MEDIUM
Network
|
chronoengine
|
chronoforums
|
Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27459
|
2024-11-21 14:21 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209347
|
8.8 |
HIGH
Network
|
flexdotnetcms_project
|
flexdotnetcms
|
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g.,…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-27386
|
2024-11-21 14:21 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209348
|
8.1 |
HIGH
Network
|
flexdotnetcms_project
|
flexdotnetcms
|
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root.…
|
CWE-22
Path Traversal
|
CVE-2020-27385
|
2024-11-21 14:21 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209349
|
9.8 |
CRITICAL
Network
|
goodlayers
|
good_learning_management_system
|
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to…
|
CWE-89
SQL Injection
|
CVE-2020-27481
|
2024-11-21 14:21 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209350
|
7.1 |
HIGH
Adjacent
|
audi
|
mmi_multiplayer
|
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory con…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-27524
|
2024-11-21 14:21 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
