|
220551
|
9.8 |
CRITICAL
Network
|
svglib_project
|
svglib
|
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.
|
CWE-611
XXE
|
CVE-2020-10799
|
2024-11-21 13:56 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220552
|
7.5 |
HIGH
Network
|
it-novum
|
openitcockpit
|
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-10792
|
2024-11-21 13:56 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220553
|
8.8 |
HIGH
Network
|
suse
|
rancher
|
In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.
|
CWE-863
Incorrect Authorization
|
CVE-2020-10676
|
2024-11-21 13:55 |
2023-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220554
|
8.1 |
HIGH
Network
|
fasterxml
oracle
|
jackson-databind
retail_merchandising_system
retail_sales_audit
|
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10650
|
2024-11-21 13:55 |
2022-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220555
|
7.5 |
HIGH
Network
|
python
redhat
fedoraproject
|
python
enterprise_linux
software_collections
quay
fedora
|
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2020-10735
|
2024-11-21 13:55 |
2022-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220556
|
7.8 |
HIGH
Local
|
automationbroker
|
apb
|
A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running…
|
CWE-269
Improper Privilege Management
|
CVE-2020-10728
|
2024-11-21 13:55 |
2022-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220557
|
4.4 |
MEDIUM
Local
|
theforeman
|
foreman
|
A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-10710
|
2024-11-21 13:55 |
2022-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220558
|
9.8 |
CRITICAL
Network
|
emerson
|
openenterprise_scada_server
|
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10640
|
2024-11-21 13:55 |
2022-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220559
|
7.5 |
HIGH
Network
|
emerson
|
openenterprise_scada_server
|
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-10636
|
2024-11-21 13:55 |
2022-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220560
|
4.3 |
MEDIUM
Network
|
kuka
|
sim_pro
|
Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.
|
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
|
CVE-2020-10635
|
2024-11-21 13:55 |
2022-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
