|
210861
|
6.7 |
MEDIUM
Local
|
x.org fedoraproject canonical opensuse
|
libx11 fedora ubuntu_linux leap
|
An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. As per upstream this is security relevant when setu…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-14344
|
2024-11-21 14:03 |
2020-08-5 |
|
|
|
|
210862
|
5.9 |
MEDIUM
Network
|
redhat
|
enmasse amq_online
|
It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example authoris…
|
CWE-352
Origin Validation Error
|
CVE-2020-14319
|
2024-11-21 14:03 |
2020-08-4 |
|
|
|
|
210863
|
7.5 |
HIGH
Network
|
inductiveautomation
|
ignition_gateway
|
The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13).
|
CWE-862
Missing Authorization
|
CVE-2020-14520
|
2024-11-21 14:03 |
2020-07-31 |
|
|
|
|
210864
|
5.8 |
MEDIUM
Network
|
redhat
|
ansible_tower
|
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default or…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-14337
|
2024-11-21 14:03 |
2020-07-31 |
|
|
|
|
210865
|
8.8 |
HIGH
Local
|
redhat
|
satellite
|
A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cached credentials could help an attacker gain complete control of the Satellite instance.
|
-
|
CVE-2020-14334
|
2024-11-21 14:03 |
2020-07-31 |
|
|
|
|
210866
|
8.8 |
HIGH
Network
|
freemedsoftware
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b do not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-14488
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
210867
|
9.8 |
CRITICAL
Network
|
freemedsoftware
|
openclinic_ga
|
OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to log in and execute arbit…
|
NVD-CWE-Other
|
CVE-2020-14487
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
210868
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.
|
CWE-863
Incorrect Authorization
|
CVE-2020-14486
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
210869
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.
|
CWE-269
Improper Privilege Management
|
CVE-2020-14493
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
210870
|
6.1 |
MEDIUM
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b do not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14492
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|