|
207421
|
7.5 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes use…
|
CWE-74
Injection
|
CVE-2020-5230
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207422
|
8.1 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causi…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-5229
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207423
|
7.5 |
HIGH
Network
|
apereo
|
opencast
|
Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active u…
|
CWE-862
Missing Authorization
|
CVE-2020-5228
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207424
|
6.1 |
MEDIUM
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
|
CWE-601
Open Redirect
|
CVE-2020-5233
|
2024-11-21 14:33 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207425
|
7.5 |
HIGH
Network
|
feedgen_project
|
feedgen
|
Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed …
|
CWE-776
XML Entity Expansion
|
CVE-2020-5227
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207426
|
7.5 |
HIGH
Network
|
google
|
tensorflow
|
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the gra…
|
CWE-20
Improper Input Validation
|
CVE-2020-5215
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207427
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escala…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5211
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207428
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects syst…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5214
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207429
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerabilit…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5213
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207430
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulne…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5212
|
2024-11-21 14:33 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
