|
213611
|
9.8 |
CRITICAL
Network
|
connectwise
|
automate
|
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix fo…
|
CWE-287
Improper Authentication
|
CVE-2020-15027
|
2024-11-21 14:04 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213612
|
6.1 |
MEDIUM
Network
|
articatech
|
artica_proxy
|
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task …
|
CWE-79
Cross-site Scripting
|
CVE-2020-15051
|
2024-11-21 14:04 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213613
|
6.5 |
MEDIUM
Network
|
kronos
|
web_time_and_attendance
|
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Su…
|
CWE-89
SQL Injection
|
CVE-2020-14982
|
2024-11-21 14:04 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213614
|
5.3 |
MEDIUM
Local
|
openenclave
|
openenclave
|
In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for …
|
NVD-CWE-noinfo
|
CVE-2020-15107
|
2024-11-21 14:04 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213615
|
6.5 |
MEDIUM
Network
|
symless
fedoraproject
|
synergy
fedora
|
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB.…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-15117
|
2024-11-21 14:04 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213616
|
3.3 |
LOW
Local
|
schokokeks
|
freewvs
|
In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where…
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-15101
|
2024-11-21 14:04 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213617
|
3.3 |
LOW
Local
|
schokokeks
|
freewvs
|
In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-15100
|
2024-11-21 14:04 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213618
|
7.5 |
HIGH
Network
|
openvpn
|
openvpn_access_server
|
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial t…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-15074
|
2024-11-21 14:04 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213619
|
5.4 |
MEDIUM
Network
|
envoyproxy
|
envoy
|
In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For e…
|
CWE-346
Origin Validation Error
|
CVE-2020-15104
|
2024-11-21 14:04 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213620
|
7.5 |
HIGH
Network
|
supremainc
|
biostar_2
|
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
|
CWE-22
Path Traversal
|
CVE-2020-15050
|
2024-11-21 14:04 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
