|
209771
|
7.5 |
HIGH
Network
|
hcc-embedded
|
nichestack_tcp\/ip
|
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). T…
|
CWE-331
Insufficient Entropy
|
CVE-2020-25926
|
2024-11-21 14:19 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209772
|
9.8 |
CRITICAL
Network
|
hcc-embedded
|
nichestack_tcp\/ip
|
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2020-25928
|
2024-11-21 14:19 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209773
|
8.8 |
HIGH
Network
|
dell
|
emc_powerscale_onefs
emc_isilon_onefs
|
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-26180
|
2024-11-21 14:19 |
2021-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209774
|
6.1 |
MEDIUM
Network
|
eventespresso
|
event_espresso
|
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.1…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26153
|
2024-11-21 14:19 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209775
|
6.5 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
|
CWE-287
Improper Authentication
|
CVE-2020-26136
|
2024-11-21 14:19 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209776
|
5.3 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.
|
CWE-20
Improper Input Validation
|
CVE-2020-26138
|
2024-11-21 14:19 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209777
|
4.8 |
MEDIUM
Network
|
intland
|
codebeamer
|
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a pr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26517
|
2024-11-21 14:19 |
2021-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209778
|
8.8 |
HIGH
Network
|
intland
|
codebeamer
|
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allow…
|
CWE-352
Origin Validation Error
|
CVE-2020-26516
|
2024-11-21 14:19 |
2021-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209779
|
7.5 |
HIGH
Network
|
intland
|
codebeamer
|
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's…
|
CWE-327
CWE-522
Use of a Broken or Risky Cryptographic Algorithm
Insufficiently Protected Credentials
|
CVE-2020-26515
|
2024-11-21 14:19 |
2021-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209780
|
6.1 |
MEDIUM
Network
|
online_examination_system_project
|
online_examination_system
|
Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-26006
|
2024-11-21 14:19 |
2021-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
