|
202461
|
4.4 |
MEDIUM
Local
|
suse
|
caas_platform
|
A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitr…
|
-
|
CVE-2020-8030
|
2024-11-21 14:38 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202462
|
4.0 |
MEDIUM
Local
|
suse
|
caas_platform
|
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platfor…
|
-
|
CVE-2020-8029
|
2024-11-21 14:38 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202463
|
5.4 |
MEDIUM
Network
|
opensuse
|
open_build_service
|
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly es…
|
-
|
CVE-2020-8031
|
2024-11-21 14:38 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202464
|
6.6 |
MEDIUM
Local
|
opensuse
|
openldap2
|
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to…
|
-
|
CVE-2020-8027
|
2024-11-21 14:38 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202465
|
4.9 |
MEDIUM
Network
|
lenovo
|
xclarity_administrator
|
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-8355
|
2024-11-21 14:38 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202466
|
5.4 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8294
|
2024-11-21 14:38 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202467
|
8.8 |
HIGH
Adjacent
|
adt
|
lifeshield_diy_hd_video_doorbell_firmware
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to e…
|
CWE-77
Command Injection
|
CVE-2020-8101
|
2024-11-21 14:38 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202468
|
7.5 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8295
|
2024-11-21 14:38 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202469
|
6.5 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage wi…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8293
|
2024-11-21 14:38 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202470
|
5.4 |
MEDIUM
Network
|
rocket.chat
|
rocket.chat
|
Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8292
|
2024-11-21 14:38 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
