|
198741
|
9.8 |
CRITICAL
Network
|
f5
|
big-iq_centralized_management
|
In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.
|
CWE-78
OS Command
|
CVE-2020-5868
|
2024-11-21 14:34 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198742
|
8.1 |
HIGH
Network
|
f5
netapp
|
nginx_controller
cloud_backup
|
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
|
CWE-319
CWE-494
Cleartext Transmission of Sensitive Information
Download of Code Without Integrity Check
|
CVE-2020-5867
|
2024-11-21 14:34 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198743
|
5.5 |
MEDIUM
Local
|
f5
|
nginx_controller
|
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.
|
CWE-200
Information Exposure
|
CVE-2020-5866
|
2024-11-21 14:34 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198744
|
4.8 |
MEDIUM
Network
|
f5
netapp
|
nginx_controller
cloud_backup
|
In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-5865
|
2024-11-21 14:34 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198745
|
7.4 |
HIGH
Network
|
f5
|
nginx_controller
|
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-5864
|
2024-11-21 14:34 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198746
|
7.5 |
HIGH
Network
|
sharp
|
aquos_sh-m02_firmware
aquos_sh-rm02_firmware
aquos_mini_sh-m03_firmware
aquos_l2_firmware
aquos_sense_lite_sh-m05_firmware
aquos_sense_firmware
aquos_compact_sh-m06_firmware
aquo…
|
SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build num…
|
CWE-200
Information Exposure
|
CVE-2020-5571
|
2024-11-21 14:34 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198747
|
7.8 |
HIGH
Local
|
plex
|
media_server
|
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-5740
|
2024-11-21 14:34 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198748
|
8.4 |
HIGH
Local
|
toshiba
|
password_tool_for_windows
|
An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-5569
|
2024-11-21 14:34 |
2020-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198749
|
5.4 |
MEDIUM
Network
|
tenable
|
tenable.sc
|
Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation technique…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5737
|
2024-11-21 14:34 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198750
|
6.1 |
MEDIUM
Network
|
openmrs
|
openmrs
|
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of…
|
CWE-601
Open Redirect
|
CVE-2020-5733
|
2024-11-21 14:34 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
