|
199921
|
6.5 |
MEDIUM
Network
|
outsystems
|
outsystems
|
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29441
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199922
|
4.6 |
MEDIUM
Physics
|
tesla
|
model_x_firmware
|
Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a veh…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-29440
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199923
|
4.6 |
MEDIUM
Physics
|
tesla
|
model_x_firmware
|
Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN…
|
NVD-CWE-noinfo
|
CVE-2020-29439
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199924
|
6.5 |
MEDIUM
Adjacent
|
tesla
|
model_x_firmware
|
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a se…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-29438
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199925
|
3.3 |
LOW
Local
|
paloaltonetworks
|
pan-os
|
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-2048
|
2024-11-21 14:24 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199926
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitra…
|
CWE-78
OS Command
|
CVE-2020-2000
|
2024-11-21 14:24 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199927
|
8.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an inva…
|
CWE-287
Improper Authentication
|
CVE-2020-2050
|
2024-11-21 14:24 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199928
|
7.5 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panor…
|
CWE-269
Improper Privilege Management
|
CVE-2020-2022
|
2024-11-21 14:24 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199929
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. Thi…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-2042
|
2024-11-21 14:24 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199930
|
7.5 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb servic…
|
NVD-CWE-Other
|
CVE-2020-2041
|
2024-11-21 14:24 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
