|
209431
|
5.3 |
MEDIUM
Network
|
atlassian
|
confluence_server
confluence_data_center
|
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated r…
|
NVD-CWE-noinfo
|
CVE-2020-29448
|
2024-11-21 14:24 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209432
|
7.8 |
HIGH
Local
|
dji
|
mavic_2_firmware
|
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.
|
CWE-78
OS Command
|
CVE-2020-29664
|
2024-11-21 14:24 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209433
|
4.4 |
MEDIUM
Local
|
opcfoundation
|
ua-.netstandard
|
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-29457
|
2024-11-21 14:24 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209434
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira
data_center
jira_server
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira projects via an Information Disclosure vulnerability in the Jira Projects plugin report page. The a…
|
NVD-CWE-noinfo
|
CVE-2020-29451
|
2024-11-21 14:24 |
2021-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209435
|
5.3 |
MEDIUM
Network
|
jetbrains
oracle
|
kotlin
communications_cloud_native_core_network_slice_selection_function
communications_cloud_native_core_policy
communications_cloud_native_core_service_communication_proxy
|
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permis…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-29582
|
2024-11-21 14:24 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209436
|
5.3 |
MEDIUM
Network
|
linuxfoundation
|
harbor
|
In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-29662
|
2024-11-21 14:24 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209437
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-825_r1_firmware
|
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-29557
|
2024-11-21 14:24 |
2021-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209438
|
4.3 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues …
|
CWE-863
Incorrect Authorization
|
CVE-2020-29605
|
2024-11-21 14:24 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209439
|
6.5 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, …
|
CWE-862
Missing Authorization
|
CVE-2020-29604
|
2024-11-21 14:24 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209440
|
4.3 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having acc…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-29603
|
2024-11-21 14:24 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
