|
201551
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongomirror
database_tools
|
Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in acc…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-7924
|
2024-11-21 14:38 |
2021-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201552
|
5.5 |
MEDIUM
Local
|
lenovo
|
pcmanager
|
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-8357
|
2024-11-21 14:38 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201553
|
4.9 |
MEDIUM
Network
|
lenovo
|
xclarity_orchestrator
|
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in cl…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-8356
|
2024-11-21 14:38 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201554
|
9.8 |
CRITICAL
Network
|
fs-path_project
|
fs-path
|
fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.
|
CWE-77
Command Injection
|
CVE-2020-8298
|
2024-11-21 14:38 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201555
|
6.7 |
MEDIUM
Local
|
nextcloud
fedoraproject
|
nextcloud_server
fedora
|
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.
|
CWE-521
Weak Password Requirements
|
CVE-2020-8296
|
2024-11-21 14:38 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201556
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21…
|
NVD-CWE-Other
|
CVE-2020-7929
|
2024-11-21 14:38 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201557
|
7.0 |
HIGH
Local
|
opensuse
|
cyrus-sasl
|
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4…
|
-
|
CVE-2020-8032
|
2024-11-21 14:38 |
2021-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201558
|
4.3 |
MEDIUM
Network
|
nextcloud
|
deck
|
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-8297
|
2024-11-21 14:38 |
2021-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201559
|
4.4 |
MEDIUM
Local
|
suse
|
caas_platform
|
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitr…
|
-
|
CVE-2020-8030
|
2024-11-21 14:38 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201560
|
4.0 |
MEDIUM
Local
|
suse
|
caas_platform
|
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platfor…
|
-
|
CVE-2020-8029
|
2024-11-21 14:38 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
