|
212051
|
7.5 |
HIGH
Network
|
mattermost
|
mattermost
|
An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022.
|
NVD-CWE-noinfo
|
CVE-2020-13891
|
2024-11-21 14:02 |
2020-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212052
|
9.8 |
CRITICAL
Network
|
mi
|
xiaomi_r3600_firmware
|
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14095
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212053
|
9.8 |
CRITICAL
Network
|
mi
|
xiaomi_r3600_firmware
|
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14094
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212054
|
6.1 |
MEDIUM
Network
|
naviwebs
|
navigate_cms
|
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User fiel…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14018
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212055
|
7.5 |
HIGH
Network
|
naviwebs
|
navigate_cms
|
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticate…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-14017
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212056
|
5.3 |
MEDIUM
Network
|
naviwebs
|
navigate_cms
|
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account.…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2020-14016
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212057
|
7.5 |
HIGH
Network
|
naviwebs
|
navigate_cms
|
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no a…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2020-14015
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212058
|
5.4 |
MEDIUM
Network
|
naviwebs
|
navigate_cms
|
An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to re…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14014
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212059
|
5.4 |
MEDIUM
Network
|
solarwinds
|
orion_network_performance_monitor
orion_web_performance_monitor
|
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14007
|
2024-11-21 14:02 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212060
|
5.4 |
MEDIUM
Network
|
solarwinds
|
orion_network_performance_monitor
orion_web_performance_monitor
|
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14006
|
2024-11-21 14:02 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
