|
197391
|
6.0 |
MEDIUM
Network
|
vmware
|
spring_cloud_task
|
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
|
CWE-89
SQL Injection
|
CVE-2020-5428
|
2024-11-21 14:34 |
2021-01-28 |
|
|
|
|
197392
|
7.2 |
HIGH
Network
|
vmware
|
spring_cloud_data_flow
|
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
|
CWE-89
SQL Injection
|
CVE-2020-5427
|
2024-11-21 14:34 |
2021-01-28 |
|
|
|
|
197393
|
7.5 |
HIGH
Network
|
nec
|
univerge_sv9500_firmware univerge_sv8500_firmware
|
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature an…
|
CWE-287
Improper Authentication
|
CVE-2020-5686
|
2024-11-21 14:34 |
2021-01-13 |
|
|
|
|
197394
|
9.8 |
CRITICAL
Network
|
nec
|
univerge_sv9500_firmware univerge_sv8500_firmware
|
UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted req…
|
CWE-78
OS Command
|
CVE-2020-5685
|
2024-11-21 14:34 |
2021-01-13 |
|
|
|
|
197395
|
9.8 |
CRITICAL
Network
|
nec
|
baseboard_management_controller
|
Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Control…
|
CWE-287
Improper Authentication
|
CVE-2020-5633
|
2024-11-21 14:34 |
2021-01-13 |
|
|
|
|
197396
|
8.8 |
HIGH
Network
|
marvell
|
qconvergeconslole_gui
|
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credential…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-5805
|
2024-11-21 14:34 |
2021-01-09 |
|
|
|
|
197397
|
8.1 |
HIGH
Network
|
marvell
|
qconvergeconslole_gui
|
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path p…
|
CWE-22
Path Traversal
|
CVE-2020-5804
|
2024-11-21 14:34 |
2021-01-09 |
|
|
|
|
197398
|
6.5 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and e…
|
CWE-22
Path Traversal
|
CVE-2020-5811
|
2024-11-21 14:34 |
2020-12-31 |
|
|
|
|
197399
|
5.4 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which acts as a stored XSS payload.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5810
|
2024-11-21 14:34 |
2020-12-31 |
|
|
|
|
197400
|
5.4 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-5809
|
2024-11-21 14:34 |
2020-12-31 |
|
|
|