| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 197691 | 6.5 | MEDIUM | Network | pivotal_software vmware | spring_security | Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the… | CWE-330 Use of Insufficiently Random Values | CVE-2020-5408 | 2024-11-21 14:34 | 2020-05-15 |
| 197692 | 6.1 | MEDIUM | Network | pivotal_software | concourse | Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth r… | CWE-601 Open Redirect | CVE-2020-5409 | 2024-11-21 14:34 | 2020-05-14 |
| 197693 | 8.8 | HIGH | Network | sixapart | movable_type | Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) an… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-5577 | 2024-11-21 14:34 | 2020-05-14 |
| 197694 | 8.8 | HIGH | Network | sixapart | movable_type | Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Ad… | CWE-352 Origin Validation Error | CVE-2020-5576 | 2024-11-21 14:34 | 2020-05-14 |
| 197695 | 6.1 | MEDIUM | Network | sixapart | movable_type | Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Mo… | CWE-79 Cross-site Scripting | CVE-2020-5575 | 2024-11-21 14:34 | 2020-05-14 |
| 197696 | 5.3 | MEDIUM | Network | sixapart | movable_type | HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advan… | CWE-74 Injection | CVE-2020-5574 | 2024-11-21 14:34 | 2020-05-14 |
| 197697 | 8.8 | HIGH | Network | pivotal_software | spring_security | Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provide… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2020-5407 | 2024-11-21 14:34 | 2020-05-14 |
| 197698 | 4.8 | MEDIUM | Network | symantec | it_analytics | Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into we… | CWE-79 Cross-site Scripting | CVE-2020-5838 | 2024-11-21 14:34 | 2020-05-14 |
| 197699 | 5.5 | MEDIUM | Local | f5 | big-ip_access_policy_manager big-ip_access_policy_manager_client | In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoContr… | NVD-CWE-Other | CVE-2020-5898 | 2024-11-21 14:34 | 2020-05-13 |
| 197700 | 8.8 | HIGH | Network | f5 | big-ip_access_policy_manager big-ip_access_policy_manager_client | In versions 7.1.5-7.1.9, there is a use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. | CWE-416 Use After Free | CVE-2020-5897 | 2024-11-21 14:34 | 2020-05-13 |