|
217771
|
8.1 |
HIGH
Network
|
fasterxml
netapp
debian
oracle
|
jackson-databind
steelstore_cloud_integrated_storage
active_iq_unified_manager
debian_linux
agile_plm
banking_digital_experience
communications_instant_messaging_server
communica…
|
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14195
|
2024-11-21 14:02 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217772
|
7.5 |
HIGH
Network
|
jerryscript
|
jerryscript
|
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-14163
|
2024-11-21 14:02 |
2020-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217773
|
8.8 |
HIGH
Network
|
connectwise
|
automate_api
|
By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL…
|
CWE-89
SQL Injection
|
CVE-2020-14159
|
2024-11-21 14:02 |
2020-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217774
|
8.8 |
HIGH
Network
|
openbmc-project
|
openbmc
|
user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-14156
|
2024-11-21 14:02 |
2020-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217775
|
7.5 |
HIGH
Network
|
troglobit
|
uftpd
|
In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-14149
|
2024-11-21 14:02 |
2020-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217776
|
7.5 |
HIGH
Network
|
barton
debian
fedoraproject
|
ngircd
debian_linux
fedora
|
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-14148
|
2024-11-21 14:02 |
2020-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217777
|
7.7 |
HIGH
Network
|
redislabs
oracle
suse
debian
|
redis
communications_operations_monitor
linux_enterprise
debian_linux
|
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (me…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-14147
|
2024-11-21 14:02 |
2020-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217778
|
5.3 |
MEDIUM
Network
|
pcre
apple
gitlab
oracle
netapp
splunk
|
pcre
macos
gitlab
communications_cloud_native_core_policy
cloud_backup
steelstore_cloud_integrated_storage
ontap_select_deploy_administration_utility
clustered_data_ontap
acti…
|
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-14155
|
2024-11-21 14:02 |
2020-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217779
|
4.8 |
MEDIUM
Network
|
mutt
canonical
|
mutt
ubuntu_linux
|
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
|
NVD-CWE-Other
|
CVE-2020-14154
|
2024-11-21 14:02 |
2020-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217780
|
7.1 |
HIGH
Local
|
ijg
|
libjpeg
|
In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-14153
|
2024-11-21 14:02 |
2020-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
