|
210321
|
6.5 |
MEDIUM
Network
|
redhat
netapp
|
wildfly
jboss_enterprise_application_platform
single_sign-on
jboss_fuse
jboss_data_grid
openshift_application_runtimes
fuse
oncommand_insight
service_level_manager
active_i…
|
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able…
|
-
|
CVE-2020-25689
|
2024-11-21 14:18 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210322
|
8.8 |
HIGH
Network
|
openfind
|
mailgates
mailaudit
|
MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token.
|
CWE-78
OS Command
|
CVE-2020-25849
|
2024-11-21 14:18 |
2020-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210323
|
7.5 |
HIGH
Network
|
ansible_collections_project
|
community.crypto
|
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2020-25646
|
2024-11-21 14:18 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210324
|
7.5 |
HIGH
Network
|
commvault
|
commcell
|
In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instea…
|
CWE-22
Path Traversal
|
CVE-2020-25780
|
2024-11-21 14:18 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210325
|
5.4 |
MEDIUM
Network
|
wso2
|
enterprise_integrator
|
WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25516
|
2024-11-21 14:18 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210326
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_firmware
|
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140.
|
CWE-20
CWE-78
Improper Input Validation
OS Command
|
CVE-2020-25765
|
2024-11-21 14:18 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210327
|
6.1 |
MEDIUM
Network
|
antsword_project
|
antsword
|
AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25470
|
2024-11-21 14:18 |
2020-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210328
|
9.8 |
CRITICAL
Network
|
ucms_project
|
ucms
|
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-25483
|
2024-11-21 14:18 |
2020-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210329
|
9.8 |
CRITICAL
Network
|
crmeb
|
crmeb
|
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-25466
|
2024-11-21 14:18 |
2020-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210330
|
6.5 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-25820
|
2024-11-21 14:18 |
2020-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
