|
197011
|
6.8 |
MEDIUM
Network
|
bareos
|
bareos
|
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and conne…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-4042
|
2024-11-21 14:32 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197012
|
7.8 |
HIGH
Local
|
vmware
|
fusion
horizon_client
remote_console
|
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability …
|
NVD-CWE-noinfo
|
CVE-2020-3974
|
2024-11-21 14:32 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197013
|
8.8 |
HIGH
Network
|
ibm
|
infosphere_information_server_on_cloud
infosphere_information_server
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim t…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-4305
|
2024-11-21 14:32 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197014
|
4.3 |
MEDIUM
Network
|
ibm
|
security_guardium_insights
infosphere_guardium_activity_monitor
|
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to …
|
NVD-CWE-Other
|
CVE-2020-4173
|
2024-11-21 14:32 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197015
|
8.8 |
HIGH
Network
|
vmware
|
velocloud_orchestrator
|
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted S…
|
CWE-89
SQL Injection
|
CVE-2020-3973
|
2024-11-21 14:32 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197016
|
9.9 |
CRITICAL
Network
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context an…
|
NVD-CWE-Other
|
CVE-2020-4077
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197017
|
9.0 |
CRITICAL
Local
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context an…
|
NVD-CWE-Other
|
CVE-2020-4076
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197018
|
7.5 |
HIGH
Network
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure y…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-4075
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197019
|
9.8 |
CRITICAL
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7…
|
CWE-287
Improper Authentication
|
CVE-2020-4074
|
2024-11-21 14:32 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197020
|
5.4 |
MEDIUM
Network
|
octobercms
|
october
|
In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4061
|
2024-11-21 14:32 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
