|
211301
|
6.5 |
MEDIUM
Network
|
hashicorp
|
nomad
|
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, an…
|
CWE-22
Path Traversal
|
CVE-2020-28348
|
2024-11-21 14:22 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211302
|
9.8 |
CRITICAL
Network
|
private-ip_project
|
private-ip
|
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN rese…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-28360
|
2024-11-21 14:22 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211303
|
7.8 |
HIGH
Local
|
broadcom
|
unified_infrastructure_management
|
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-28421
|
2024-11-21 14:22 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211304
|
6.5 |
MEDIUM
Network
|
hashicorp
|
consul
|
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
|
CWE-863
Incorrect Authorization
|
CVE-2020-28053
|
2024-11-21 14:22 |
2020-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211305
|
7.8 |
HIGH
Local
|
securityonionsolutions
|
security_onion
|
Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-27985
|
2024-11-21 14:22 |
2020-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211306
|
8.8 |
HIGH
Network
|
schneider-electric
|
ecostruxure_control_expert
|
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution…
|
-
|
CVE-2020-28213
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211307
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
ecostruxure_control_expert
|
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized …
|
-
|
CVE-2020-28212
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211308
|
7.8 |
HIGH
Local
|
schneider-electric
|
ecostruxure_control_expert
|
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memor…
|
-
|
CVE-2020-28211
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211309
|
7.0 |
HIGH
Local
|
schneider-electric
|
enterprise_server_installer
|
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any…
|
-
|
CVE-2020-28209
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211310
|
6.1 |
MEDIUM
Network
|
sokrates
|
sowasql
|
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28350
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
