|
211181
|
5.3 |
MEDIUM
Network
|
palletsprojects
fedoraproject
|
jinja
fedora
|
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-28493
|
2024-11-21 14:22 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211182
|
7.3 |
HIGH
Network
|
kill-process-on-port_project
|
kill-process-on-port
|
All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.
|
CWE-78
OS Command
|
CVE-2020-28426
|
2024-11-21 14:22 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211183
|
9.8 |
CRITICAL
Network
|
accel-ppp
|
accel-ppp
|
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS …
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2020-28194
|
2024-11-21 14:22 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211184
|
6.5 |
MEDIUM
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audi…
|
NVD-CWE-noinfo
|
CVE-2020-28406
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211185
|
8.8 |
HIGH
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be u…
|
NVD-CWE-noinfo
|
CVE-2020-28405
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211186
|
6.5 |
MEDIUM
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-28404
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211187
|
8.8 |
HIGH
Network
|
iris
|
star
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be …
|
CWE-352
Origin Validation Error
|
CVE-2020-28403
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211188
|
8.8 |
HIGH
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.
|
NVD-CWE-noinfo
|
CVE-2020-28402
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211189
|
6.5 |
MEDIUM
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.
|
NVD-CWE-noinfo
|
CVE-2020-28401
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211190
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
ecostruxure_operator_terminal_expert
pro-face_blue
|
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution whe…
|
-
|
CVE-2020-28221
|
2024-11-21 14:22 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
