|
210391
|
7.5 |
HIGH
Network
|
openvpn fedoraproject canonical debian
|
openvpn fedora ubuntu_linux debian_linux
|
OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentia…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15078
|
2024-11-21 14:04 |
2021-04-26 |
|
|
|
|
210392
|
7.1 |
HIGH
Local
|
openvpn
|
connect
|
The OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system-critical files it should not have access to via symlinks in /tmp.
|
CWE-59
Link Following
|
CVE-2020-15075
|
2024-11-21 14:04 |
2021-03-30 |
|
|
|
|
210393
|
6.5 |
MEDIUM
Network
|
bloomreach
|
experience_manager
|
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.
|
CWE-352
Origin Validation Error
|
CVE-2020-14989
|
2024-11-21 14:04 |
2021-03-12 |
|
|
|
|
210394
|
5.4 |
MEDIUM
Network
|
bloomreach
|
experience_manager
|
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML ele…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14988
|
2024-11-21 14:04 |
2021-03-12 |
|
|
|
|
210395
|
7.2 |
HIGH
Network
|
bloomreach
|
experience_manager
|
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for adminis…
|
CWE-74 CWE-862
Injection Missing Authorization
|
CVE-2020-14987
|
2024-11-21 14:04 |
2021-03-12 |
|
|
|
|
210396
|
9.1 |
CRITICAL
Network
|
loklak_project
|
loklak
|
loklak is an open-source server application which is able to collect messages from various sources, including Twitter. The server contains a search index and a peer-to-peer index sharing interface. A…
|
-
|
CVE-2020-15097
|
2024-11-21 14:04 |
2021-02-3 |
|
|
|
|
210397
|
9.8 |
CRITICAL
Network
|
oracle
|
utilities_framework coherence
|
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1…
|
NVD-CWE-noinfo
|
CVE-2020-14756
|
2024-11-21 14:04 |
2021-01-21 |
|
|
|
|
210398
|
4.7 |
MEDIUM
Network
|
oracle
|
cloud_infrastructure_identity_and_access_management
|
Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access …
|
NVD-CWE-noinfo
|
CVE-2020-14874
|
2024-11-21 14:04 |
2020-12-23 |
|
|
|
|
210399
|
5.9 |
MEDIUM
Network
|
askey
|
ap5100w_firmware
|
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exc…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-15023
|
2024-11-21 14:04 |
2020-12-12 |
|
|
|
|
210400
|
9.8 |
CRITICAL
Network
|
oracle
|
fusion_middleware
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.…
|
NVD-CWE-noinfo
|
CVE-2020-14750
|
2024-11-21 14:04 |
2020-11-3 |
|
|
|