|
210811
|
8.8 |
HIGH
Network
|
broadcom
|
fabric_operating_system
|
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote serv…
|
CWE-521
Weak Password Requirements
|
CVE-2020-15369
|
2024-11-21 14:05 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210812
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .
|
CWE-79
Cross-site Scripting
|
CVE-2020-15521
|
2024-11-21 14:05 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210813
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
|
CWE-89
SQL Injection
|
CVE-2020-15394
|
2024-11-21 14:05 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210814
|
8.0 |
HIGH
Network
|
ory
|
fosite
|
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-15223
|
2024-11-21 14:05 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210815
|
8.1 |
HIGH
Network
|
ory
|
fosite
|
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When u…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-15222
|
2024-11-21 14:05 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210816
|
7.5 |
HIGH
Network
|
trendmicro
|
antivirus\+_2019
internet_security_2019
maximum_security_2019
officescan_cloud
premium_security_2019
|
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another a…
|
CWE-295
CWE-494
Improper Certificate Validation
Download of Code Without Integrity Check
|
CVE-2020-15604
|
2024-11-21 14:05 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210817
|
7.2 |
HIGH
Network
|
brassica
|
soy_cms
|
SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase im…
|
-
|
CVE-2020-15189
|
2024-11-21 14:05 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210818
|
9.8 |
CRITICAL
Network
|
alfresco
|
reset_password
|
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impac…
|
NVD-CWE-Other
|
CVE-2020-15181
|
2024-11-21 14:05 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210819
|
9.8 |
CRITICAL
Network
|
brassica
|
soy_cms
|
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the ser…
|
-
|
CVE-2020-15188
|
2024-11-21 14:05 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210820
|
2.7 |
LOW
Network
|
helm
|
helm
|
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart.…
|
CWE-74
Injection
|
CVE-2020-15184
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
