|
210831
|
9.8 |
CRITICAL
Network
|
expo
|
expo
|
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used.
|
NVD-CWE-noinfo
|
CVE-2020-24653
|
2024-11-21 14:15 |
2020-08-26 |
|
210832
|
4.9 |
MEDIUM
Network
|
sonatype
|
nexus
|
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-24622
|
2024-11-21 14:15 |
2020-08-26 |
|
210833
|
6.1 |
MEDIUM
Network
|
techkshetrainfo
|
savsoft_quiz
|
TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the …
|
CWE-79
Cross-site Scripting
|
CVE-2020-24609
|
2024-11-21 14:15 |
2020-08-26 |
|
210834
|
8.8 |
HIGH
Network
|
fossil-scm fedoraproject opensuse
|
fossil fedora leap backports_sle
|
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
|
CWE-862
Missing Authorization
|
CVE-2020-24614
|
2024-11-21 14:15 |
2020-08-25 |
|
210835
|
8.1 |
HIGH
Network
|
fasterxml netapp oracle debian
|
jackson-databind active_iq_unified_manager application_testing_suite agile_plm communications_policy_management communications_diameter_signaling_router communications_services_gate…
|
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-24616
|
2024-11-21 14:15 |
2020-08-26 |
|
210836
|
6.8 |
MEDIUM
Network
|
wolfssl
|
wolfssl
|
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24613
|
2024-11-21 14:15 |
2020-08-25 |
|
210837
|
8.8 |
HIGH
Network
|
raspap
|
raspap
|
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (…
|
CWE-78
OS Command
|
CVE-2020-24572
|
2024-11-21 14:15 |
2020-08-25 |
|
210838
|
4.7 |
MEDIUM
Local
|
fedoraproject
|
selinux-policy
|
An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode…
|
CWE-287
Improper Authentication
|
CVE-2020-24612
|
2024-11-21 14:15 |
2020-08-25 |
|
210839
|
7.5 |
HIGH
Network
|
squid-cache canonical debian fedoraproject opensuse
|
squid ubuntu_linux debian_linux fedora leap
|
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only o…
|
CWE-667
Improper Locking
|
CVE-2020-24606
|
2024-11-21 14:15 |
2020-08-25 |
|
210840
|
6.5 |
MEDIUM
Network
|
wso2
|
identity_server_analytics api_microgateway api_manager enterprise_integrator api_manager_analytics
|
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0,…
|
CWE-611
XXE
|
CVE-2020-24591
|
2024-11-21 14:15 |
2020-08-22 |