|
201531
|
6.5 |
MEDIUM
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 1…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-4477
|
2024-11-21 14:32 |
2020-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201532
|
6.5 |
MEDIUM
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote serv…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-4471
|
2024-11-21 14:32 |
2020-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201533
|
8.0 |
HIGH
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-4470
|
2024-11-21 14:32 |
2020-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201534
|
9.8 |
CRITICAL
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulner…
|
CWE-78
OS Command
|
CVE-2020-4469
|
2024-11-21 14:32 |
2020-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201535
|
9.8 |
CRITICAL
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to e…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-4216
|
2024-11-21 14:32 |
2020-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201536
|
5.4 |
MEDIUM
Network
|
ibm
|
spectrum_protect_client
spectrum_protect_for_space_management
|
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-4406
|
2024-11-21 14:32 |
2020-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201537
|
3.1 |
LOW
Network
|
wordpress
fedoraproject
debian
|
wordpress
fedora
debian_linux
|
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misus…
|
-
|
CVE-2020-4050
|
2024-11-21 14:32 |
2020-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201538
|
2.4 |
LOW
Network
|
wordpress
fedoraproject
debian
|
wordpress
fedora
debian_linux
|
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does requi…
|
-
|
CVE-2020-4049
|
2024-11-21 14:32 |
2020-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201539
|
5.7 |
MEDIUM
Network
|
wordpress
fedoraproject
debian
|
wordpress
fedora
debian_linux
|
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has…
|
-
|
CVE-2020-4048
|
2024-11-21 14:32 |
2020-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201540
|
6.8 |
MEDIUM
Network
|
wordpress
fedoraproject
debian
|
wordpress
fedora
debian_linux
|
In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to sc…
|
-
|
CVE-2020-4047
|
2024-11-21 14:32 |
2020-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
