|
209761
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
|
CWE-79
Cross-site Scripting
|
CVE-2020-24701
|
2024-11-21 14:15 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209762
|
5.4 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24700
|
2024-11-21 14:15 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209763
|
7.5 |
HIGH
Network
|
dlink
|
dsl-2888a_firmware
|
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-24577
|
2024-11-21 14:15 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209764
|
7.8 |
HIGH
Local
|
arm
|
arm_compiler
|
Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes …
|
CWE-787
CWE-770
Out-of-bounds Write
Allocation of Resources Without Limits or Throttling
|
CVE-2020-24658
|
2024-11-21 14:15 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209765
|
9.8 |
CRITICAL
Network
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not a…
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2020-24683
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209766
|
7.0 |
HIGH
Local
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-24680
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209767
|
9.8 |
CRITICAL
Network
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the serv…
|
CWE-20
Improper Input Validation
|
CVE-2020-24679
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209768
|
8.8 |
HIGH
Network
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the po…
|
NVD-CWE-noinfo
|
CVE-2020-24678
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209769
|
8.8 |
HIGH
Network
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-24677
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209770
|
7.8 |
HIGH
Local
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and res…
|
NVD-CWE-noinfo
|
CVE-2020-24676
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
