|
218481
|
9.8 |
CRITICAL
Network
|
pango
|
virtual_private_network_software_development_kit
|
An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path whe…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-12828
|
2024-11-21 14:00 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218482
|
7.5 |
HIGH
Network
|
libexif_project
canonical
opensuse
|
libexif
ubuntu_linux
leap
|
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-13114
|
2024-11-21 14:00 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218483
|
9.1 |
CRITICAL
Network
|
libexif_project
debian
canonical
opensuse
|
libexif
debian_linux
ubuntu_linux
leap
|
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13112
|
2024-11-21 14:00 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218484
|
8.8 |
HIGH
Network
|
centreon
|
centreon
|
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include…
|
CWE-78
OS Command
|
CVE-2020-13252
|
2024-11-21 14:00 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218485
|
8.8 |
HIGH
Network
|
mariadb
opensuse
fedoraproject
|
connector\/c
leap
fedora
|
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code s…
|
NVD-CWE-noinfo
|
CVE-2020-13249
|
2024-11-21 14:00 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218486
|
7.8 |
HIGH
Local
|
microweber
|
microweber
|
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User scr…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13241
|
2024-11-21 14:00 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218487
|
7.5 |
HIGH
Network
|
gitea
|
gitea
|
An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another.
|
CWE-667
Improper Locking
|
CVE-2020-13246
|
2024-11-21 14:00 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218488
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mec…
|
CWE-668
CWE-276
Exposure of Resource to Wrong Sphere
Incorrect Default Permissions
|
CVE-2020-13240
|
2024-11-21 14:00 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218489
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13239
|
2024-11-21 14:00 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218490
|
6.5 |
MEDIUM
Network
|
cacti
fedoraproject
|
cacti
fedora
|
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
|
CWE-352
Origin Validation Error
|
CVE-2020-13231
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
