|
202741
|
7.5 |
HIGH
Network
|
nec
|
univerge_sv9500_firmware
univerge_sv8500_firmware
|
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature an…
|
CWE-287
Improper Authentication
|
CVE-2020-5686
|
2024-11-21 14:34 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202742
|
9.8 |
CRITICAL
Network
|
nec
|
univerge_sv9500_firmware
univerge_sv8500_firmware
|
UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted req…
|
CWE-78
OS Command
|
CVE-2020-5685
|
2024-11-21 14:34 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202743
|
9.8 |
CRITICAL
Network
|
nec
|
baseboard_management_controller
|
Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Control…
|
CWE-287
Improper Authentication
|
CVE-2020-5633
|
2024-11-21 14:34 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202744
|
8.8 |
HIGH
Network
|
marvell
|
qconvergeconslole_gui
|
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credential…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-5805
|
2024-11-21 14:34 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202745
|
8.1 |
HIGH
Network
|
marvell
|
qconvergeconslole_gui
|
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path p…
|
CWE-22
Path Traversal
|
CVE-2020-5804
|
2024-11-21 14:34 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202746
|
6.5 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and e…
|
CWE-22
Path Traversal
|
CVE-2020-5811
|
2024-11-21 14:34 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202747
|
5.4 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5810
|
2024-11-21 14:34 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202748
|
5.4 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-5809
|
2024-11-21 14:34 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202749
|
7.5 |
HIGH
Network
|
rockwellautomation
|
factorytalk_diagnostics
|
An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log en…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-5807
|
2024-11-21 14:34 |
2020-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202750
|
5.5 |
MEDIUM
Local
|
rockwellautomation
|
factorytalk_linx
|
An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-5806
|
2024-11-21 14:34 |
2020-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
