| 196531 | 6.5 | MEDIUM Network | vmware | spring_cloud_config | Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-co… | CWE-22 Path Traversal | CVE-2020-5405 | 2024-11-21 14:34 | 2020-03-6 |
| 196532 | 8.8 | HIGH Adjacent | plathome | openblocks_iot_vx2_firmware | OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors. | CWE-287 Improper Authentication | CVE-2020-5536 | 2024-11-21 14:34 | 2020-03-4 |
| 196533 | 8.8 | HIGH Adjacent | plathome | openblocks_iot_vx2_firmware | OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | CWE-78 OS Command | CVE-2020-5535 | 2024-11-21 14:34 | 2020-03-4 |
| 196534 | 7.5 | HIGH Network | pivotal | reactor_netty | Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. | CWE-755 Improper Handling of Exceptional Conditions | CVE-2020-5403 | 2024-11-21 14:34 | 2020-03-4 |
| 196535 | 5.9 | MEDIUM Network | pivotal | reactor_netty | The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. I… | CWE-522 Insufficiently Protected Credentials | CVE-2020-5404 | 2024-11-21 14:34 | 2020-03-4 |
| 196536 | 6.5 | MEDIUM Network | grandit | grandit | GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the informa… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2020-5539 | 2024-11-21 14:34 | 2020-03-2 |
| 196537 | 8.8 | HIGH Network | cloudfoundry | cf-deployment user_account_and_authentication | In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity pr… | CWE-352 Origin Validation Error | CVE-2020-5402 | 2024-11-21 14:34 | 2020-02-28 |
| 196538 | 5.3 | MEDIUM Network | cloudfoundry | routing_release | Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients try… | CWE-444 HTTP Request Smuggling | CVE-2020-5401 | 2024-11-21 14:34 | 2020-02-28 |
| 196539 | 6.5 | MEDIUM Network | cloudfoundry | cf-deployment capi-release | Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the j… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2020-5400 | 2024-11-21 14:34 | 2020-02-28 |
| 196540 | 8.8 | HIGH Adjacent | nec | aterm_wg2600hs_firmware aterm_wf1200c_firmware aterm_wg1200cr_firmware | Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment t… | CWE-78 OS Command | CVE-2020-5524 | 2024-11-21 14:34 | 2020-02-21 |