CVE-2020-23129
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Devamını Oku
Devamını oku
CVE-2020-23128 (chamilo_lms)
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege. Devamını Oku
CVE-2020-23128
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege. Devamını Oku
CVE-2020-23127 (chamilo_lms)
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. Devamını Oku
CVE-2020-23127
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. Devamını Oku
CVE-2020-23126 (chamilo_lms)
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends. Devamını Oku
CVE-2020-23126
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends. Devamını Oku
CVE-2020-23109 (libheif)
Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file. Devamını Oku
CVE-2020-23109
Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file. Devamını Oku
CVE-2020-23083
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload". Devamını Oku
CVE-2020-23079 (halo)
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. Devamını Oku
CVE-2020-23079
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. Devamını Oku