| 210211 | 9.8 | CRITICAL | Network | proofpoint | insider_threat_management_server | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an ano… | CWE-502 Deserialization of Untrusted Data | CVE-2020-10655 | 2024-11-21 13:55 | 2021-01-6 |
| 210212 | 8.2 | HIGH | Network | kuka | visual_components_network_license_server | Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a s… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2020-10292 | 2024-11-21 13:55 | 2020-11-6 |
| 210213 | 7.5 | HIGH | Network | kuka | visual_components_network_license_server | Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a s… | CWE-306 Missing Authentication for Critical Function | CVE-2020-10291 | 2024-11-21 13:55 | 2020-11-6 |
| 210214 | 9.8 | CRITICAL | Network | 1password | scim command_line_interface | An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was us… | NVD-CWE-noinfo | CVE-2020-10256 | 2024-11-21 13:55 | 2020-10-27 |
| 210215 | 7.8 | HIGH | Local | redhat | fabric8-maven | A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the mave… | CWE-502 Deserialization of Untrusted Data | CVE-2020-10721 | 2024-11-21 13:55 | 2020-10-23 |
| 210216 | 6.1 | MEDIUM | Local | infinispan | infinispan-server-runtime | A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to… | NVD-CWE-Other | CVE-2020-10746 | 2024-11-21 13:55 | 2020-10-20 |
| 210217 | 7.5 | HIGH | Network | redhat netapp | wildfly_elytron jboss_fuse process_automation descision_manager codeready_studio oncommand_insight | A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. … | - | CVE-2020-10714 | 2024-11-21 13:55 | 2020-09-23 |
| 210218 | 4.8 | MEDIUM | Network | redhat | undertow single_sign-on jboss_enterprise_application_platform | A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid … | - | CVE-2020-10687 | 2024-11-21 13:55 | 2020-09-23 |
| 210219 | 7.5 | HIGH | Network | redhat | jboss_fuse wildfly | A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a … | NVD-CWE-Other | CVE-2020-10718 | 2024-11-21 13:55 | 2020-09-17 |
| 210220 | 6.1 | MEDIUM | Network | redhat | keycloak single_sign-on | A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or furt… | CWE-79 Cross-site Scripting | CVE-2020-10748 | 2024-11-21 13:55 | 2020-09-17 |