|
209691
|
8.8 |
HIGH
Network
|
getgrav
|
grav_cms
|
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
|
CWE-352
Origin Validation Error
|
CVE-2020-29553
|
2024-11-21 14:24 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209692
|
5.5 |
MEDIUM
Local
|
getgrav
|
grav_cms
|
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulner…
|
CWE-22
Path Traversal
|
CVE-2020-29556
|
2024-11-21 14:24 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209693
|
8.1 |
HIGH
Network
|
getgrav
|
grav_cms
|
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vuln…
|
CWE-22
Path Traversal
|
CVE-2020-29555
|
2024-11-21 14:24 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209694
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_control_plus
|
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.
|
NVD-CWE-noinfo
|
CVE-2020-29658
|
2024-11-21 14:24 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209695
|
5.3 |
MEDIUM
Network
|
atlassian
|
data_center
jira_server
jira_data_center
|
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attacker…
|
CWE-22
Path Traversal
|
CVE-2020-29453
|
2024-11-21 14:24 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209696
|
5.3 |
MEDIUM
Network
|
atlassian
|
confluence_server
confluence_data_center
|
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated r…
|
NVD-CWE-noinfo
|
CVE-2020-29448
|
2024-11-21 14:24 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209697
|
7.8 |
HIGH
Local
|
dji
|
mavic_2_firmware
|
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.
|
CWE-78
OS Command
|
CVE-2020-29664
|
2024-11-21 14:24 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209698
|
4.4 |
MEDIUM
Local
|
opcfoundation
|
ua-.netstandard
|
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-29457
|
2024-11-21 14:24 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209699
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira
data_center
jira_server
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The a…
|
NVD-CWE-noinfo
|
CVE-2020-29451
|
2024-11-21 14:24 |
2021-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209700
|
5.3 |
MEDIUM
Network
|
jetbrains
oracle
|
kotlin
communications_cloud_native_core_network_slice_selection_function
communications_cloud_native_core_policy
communications_cloud_native_core_service_communication_proxy
|
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permis…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-29582
|
2024-11-21 14:24 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
