|
210811
|
5.4 |
MEDIUM
Network
|
sugarcrm
|
sugarcrm
|
SugarCRM before 10.1.0 (Q3 2020) allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17372
|
2024-11-21 14:07 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210812
|
5.4 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field…
|
CWE-79
Cross-site Scripting
|
CVE-2020-16266
|
2024-11-21 14:07 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210813
|
9.8 |
CRITICAL
Network
|
firejail_project
debian
fedoraproject
opensuse
|
firejail
debian_linux
fedora
leap
|
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
|
CWE-78
OS Command
|
CVE-2020-17368
|
2024-11-21 14:07 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210814
|
7.8 |
HIGH
Local
|
firejail_project
debian
fedoraproject
opensuse
|
firejail
debian_linux
fedora
leap
|
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.
|
CWE-88
Argument Injection
|
CVE-2020-17367
|
2024-11-21 14:07 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210815
|
6.1 |
MEDIUM
Network
|
carson-saint
|
saint_security_suite
|
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user…
|
CWE-79
Cross-site Scripting
|
CVE-2020-16278
|
2024-11-21 14:07 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210816
|
8.8 |
HIGH
Network
|
carson-saint
|
saint_security_suite
|
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
|
CWE-89
SQL Injection
|
CVE-2020-16277
|
2024-11-21 14:07 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210817
|
8.8 |
HIGH
Network
|
carson-saint
|
saint_security_suite
|
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
|
CWE-89
SQL Injection
|
CVE-2020-16276
|
2024-11-21 14:07 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210818
|
6.1 |
MEDIUM
Network
|
carson-saint
|
saint_security_suite
|
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-16275
|
2024-11-21 14:07 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210819
|
5.8 |
MEDIUM
Network
|
prometheus
|
blackbox_exporter
|
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerab…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-16248
|
2024-11-21 14:07 |
2020-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210820
|
8.8 |
HIGH
Network
|
sophos
|
xg_firewall_firmware
|
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.
|
CWE-78
OS Command
|
CVE-2020-17352
|
2024-11-21 14:07 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
