|
210651
|
5.0 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-12644
|
2024-11-21 13:59 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210652
|
4.3 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-12643
|
2024-11-21 13:59 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210653
|
8.8 |
HIGH
Network
|
mitel
|
mivoice_connect
|
A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper renderin…
|
CWE-22
Path Traversal
|
CVE-2020-12456
|
2024-11-21 13:59 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210654
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way invol…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-12457
|
2024-11-21 13:59 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210655
|
5.9 |
MEDIUM
Network
|
freron
|
mailmate
|
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate …
|
NVD-CWE-noinfo
|
CVE-2020-12619
|
2024-11-21 13:59 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210656
|
4.8 |
MEDIUM
Network
|
emclient
|
em_client
|
eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME cert…
|
NVD-CWE-noinfo
|
CVE-2020-12618
|
2024-11-21 13:59 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210657
|
6.5 |
MEDIUM
Network
|
lightbend
|
play_framework
|
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.
|
CWE-352
Origin Validation Error
|
CVE-2020-12480
|
2024-11-21 13:59 |
2020-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210658
|
9.8 |
CRITICAL
Network
|
dbsoft
|
sglac
|
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL comman…
|
CWE-89
SQL Injection
|
CVE-2020-12606
|
2024-11-21 13:59 |
2020-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210659
|
6.1 |
MEDIUM
Network
|
tiny
|
tinymce
|
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12648
|
2024-11-21 13:59 |
2020-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210660
|
8.2 |
HIGH
Local
|
intel
|
s2600wftr_firmware
s2600wf0r_firmware
s2600wfqr_firmware
s2600bpsr_firmware
s2600bpbr_firmware
s2600bpqr_firmware
s2600stqr_firmware
s2600stbr_firmware
|
Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.
|
CWE-665
Improper Initialization
|
CVE-2020-12301
|
2024-11-21 13:59 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
