|
210201
|
7.5 |
HIGH
Network
|
broadcom
|
sannav
|
Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-15381
|
2024-11-21 14:05 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210202
|
9.0 |
CRITICAL
Network
|
mariadb
debian
percona
galeracluster
|
mariadb
debian_linux
xtradb_cluster
galera_cluster_for_mysql
|
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary…
|
CWE-77
Command Injection
|
CVE-2020-15180
|
2024-11-21 14:05 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210203
|
5.9 |
MEDIUM
Network
|
bouncycastle
|
legion-of-the-bouncy-castle-fips-java-api
bc-csharp
bouncy_castle_fips_.net_api
the_bouncy_castle_crypto_package_for_java
|
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about …
|
CWE-362
Race Condition
|
CVE-2020-15522
|
2024-11-21 14:05 |
2021-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210204
|
3.3 |
LOW
Local
|
bitdefender
|
endpoint_security_tools
|
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion…
|
NVD-CWE-Other
|
CVE-2020-15279
|
2024-11-21 14:05 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210205
|
6.5 |
MEDIUM
Network
|
django-filter_project
fedoraproject
|
django-filter
fedora
|
django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was lat…
|
-
|
CVE-2020-15225
|
2024-11-21 14:05 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210206
|
9.8 |
CRITICAL
Network
|
pega
|
pega_platform
|
pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo.
|
CWE-269
Improper Privilege Management
|
CVE-2020-15390
|
2024-11-21 14:05 |
2021-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210207
|
6.8 |
MEDIUM
Network
|
teluu
|
pjsip
|
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, P…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15260
|
2024-11-21 14:05 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210208
|
9.8 |
CRITICAL
Network
|
terra-master
|
tos
|
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attac…
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2020-15568
|
2024-11-21 14:05 |
2021-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210209
|
5.4 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. Thi…
|
-
|
CVE-2020-15221
|
2024-11-21 14:05 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210210
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This…
|
-
|
CVE-2020-15220
|
2024-11-21 14:05 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
