|
209821
|
9.6 |
CRITICAL
Network
|
mitel
|
micloud_management_portal
|
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an …
|
CWE-79
Cross-site Scripting
|
CVE-2020-24594
|
2024-11-21 14:15 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209822
|
7.2 |
HIGH
Network
|
mitel
|
micloud_management_portal
|
Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.
|
CWE-20
CWE-89
Improper Input Validation
SQL Injection
|
CVE-2020-24593
|
2024-11-21 14:15 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209823
|
5.3 |
MEDIUM
Network
|
mitel
|
micloud_management_portal
|
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2020-24592
|
2024-11-21 14:15 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209824
|
9.8 |
CRITICAL
Network
|
hpe
|
utility_computing_service_meter
|
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
|
CWE-22
Path Traversal
|
CVE-2020-24626
|
2024-11-21 14:15 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209825
|
7.5 |
HIGH
Network
|
hpe
|
utility_computing_service_meter
|
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
|
CWE-22
Path Traversal
|
CVE-2020-24625
|
2024-11-21 14:15 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209826
|
7.5 |
HIGH
Network
|
hpe
|
utility_computing_service_meter
|
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
|
CWE-22
Path Traversal
|
CVE-2020-24624
|
2024-11-21 14:15 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209827
|
5.9 |
MEDIUM
Network
|
meltytech
|
shotcut
|
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24619
|
2024-11-21 14:15 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209828
|
6.5 |
MEDIUM
Adjacent
|
hpe
|
universal_api_framework
|
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API…
|
CWE-89
SQL Injection
|
CVE-2020-24623
|
2024-11-21 14:15 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209829
|
9.8 |
CRITICAL
Network
|
lemonldap-ng
debian
|
lemonldap\
debian_linux
|
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also af…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2020-24660
|
2024-11-21 14:15 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209830
|
6.1 |
MEDIUM
Network
|
zulipchat
|
zulip_desktop
|
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24582
|
2024-11-21 14:15 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
