|
218461
|
7.5 |
HIGH
Network
|
perl netapp fedoraproject opensuse oracle
|
perl snap_creator_framework oncommand_workflow_automation fedora leap communications_eagle_lnp_application_processor sd-wan_edge enterprise_manager_base_platform communication…
|
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-12723
|
2024-11-21 14:00 |
2020-06-6 |
|
218462
|
5.4 |
MEDIUM
Network
|
pydio
|
cells
|
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated …
|
CWE-79
Cross-site Scripting
|
CVE-2020-12849
|
2024-11-21 14:00 |
2020-06-5 |
|
218463
|
5.4 |
MEDIUM
Network
|
pydio
|
cells
|
In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous u…
|
CWE-287
Improper Authentication
|
CVE-2020-12848
|
2024-11-21 14:00 |
2020-06-5 |
|
218464
|
6.1 |
MEDIUM
Network
|
pydio
|
cells
|
Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12853
|
2024-11-21 14:00 |
2020-06-5 |
|
218465
|
8.1 |
HIGH
Network
|
pydio
|
cells
|
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging…
|
CWE-22
Path Traversal
|
CVE-2020-12851
|
2024-11-21 14:00 |
2020-06-5 |
|
218466
|
6.8 |
MEDIUM
Network
|
pydio
|
cells
|
The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves dow…
|
CWE-20
Improper Input Validation
|
CVE-2020-12852
|
2024-11-21 14:00 |
2020-06-5 |
|
218467
|
7.2 |
HIGH
Network
|
pydio
|
cells
|
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the po…
|
NVD-CWE-noinfo
|
CVE-2020-12847
|
2024-11-21 14:00 |
2020-06-5 |
|
218468
|
5.9 |
MEDIUM
Network
|
djangoproject canonical fedoraproject netapp debian oracle
|
django ubuntu_linux fedora steelstore_cloud_integrated_storage sra_plugin debian_linux zfs_storage_appliance_kit
|
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collis…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-13254
|
2024-11-21 14:00 |
2020-06-3 |
|
218469
|
8.0 |
HIGH
Network
|
synacor
|
zimbra_collaboration_suite
|
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can up…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-12846
|
2024-11-21 14:00 |
2020-06-4 |
|
218470
|
8.8 |
HIGH
Network
|
sysax
|
multi_server
|
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token.
|
CWE-384
Session Fixation
|
CVE-2020-13229
|
2024-11-21 14:00 |
2020-06-2 |