|
212491
|
7.8 |
HIGH
Local
|
redhat
|
fabric8-maven
|
A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the mave…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10721
|
2024-11-21 13:55 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212492
|
6.1 |
MEDIUM
Local
|
infinispan
|
infinispan-server-runtime
|
A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to…
|
NVD-CWE-Other
|
CVE-2020-10746
|
2024-11-21 13:55 |
2020-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212493
|
7.5 |
HIGH
Network
|
redhat
netapp
|
wildfly_elytron
jboss_fuse
process_automation
descision_manager
codeready_studio
oncommand_insight
|
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. …
|
-
|
CVE-2020-10714
|
2024-11-21 13:55 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212494
|
4.8 |
MEDIUM
Network
|
redhat
|
undertow
single_sign-on
jboss_enterprise_application_platform
|
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid …
|
-
|
CVE-2020-10687
|
2024-11-21 13:55 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212495
|
7.5 |
HIGH
Network
|
redhat
|
jboss_fuse
wildfly
|
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a …
|
NVD-CWE-Other
|
CVE-2020-10718
|
2024-11-21 13:55 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212496
|
6.1 |
MEDIUM
Network
|
redhat
|
keycloak
single_sign-on
|
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or furt…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10748
|
2024-11-21 13:55 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212497
|
4.3 |
MEDIUM
Network
|
redhat
|
openshift
|
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the…
|
CWE-20
Improper Input Validation
|
CVE-2020-10715
|
2024-11-21 13:55 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212498
|
7.3 |
HIGH
Local
|
postgresql
|
postgresql
|
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working…
|
CWE-426
Untrusted Search Path
|
CVE-2020-10733
|
2024-11-21 13:55 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212499
|
8.8 |
HIGH
Network
|
vtenext
|
vtenext
|
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
|
CWE-352
Origin Validation Error
|
CVE-2020-10229
|
2024-11-21 13:55 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212500
|
8.8 |
HIGH
Network
|
vtenext
|
vtenext
|
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10228
|
2024-11-21 13:55 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
