|
201951
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
|
NVD-CWE-noinfo
|
CVE-2020-5566
|
2024-11-21 14:34 |
2020-04-28 |
|
201952
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
|
CWE-20
Improper Input Validation
|
CVE-2020-5565
|
2024-11-21 14:34 |
2020-04-28 |
|
201953
|
6.1 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5564
|
2024-11-21 14:34 |
2020-04-28 |
|
201954
|
5.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
|
CWE-287
Improper Authentication
|
CVE-2020-5563
|
2024-11-21 14:34 |
2020-04-28 |
|
201955
|
4.9 |
MEDIUM
Network
|
cybozu
|
garoon
|
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-5562
|
2024-11-21 14:34 |
2020-04-28 |
|
201956
|
8.1 |
HIGH
Adjacent
|
f5
|
big-iq_centralized_management
|
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-5870
|
2024-11-21 14:34 |
2020-04-24 |
|
201957
|
9.1 |
CRITICAL
Network
|
f5
|
big-iq_centralized_management
|
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secured by TLS and may allow on-path attackers to read or modify confidential data in transit.
|
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
|
CVE-2020-5869
|
2024-11-21 14:34 |
2020-04-24 |
|
201958
|
9.8 |
CRITICAL
Network
|
f5
|
big-iq_centralized_management
|
In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.
|
CWE-78
OS Command
|
CVE-2020-5868
|
2024-11-21 14:34 |
2020-04-24 |
|
201959
|
8.1 |
HIGH
Network
|
f5 netapp
|
nginx_controller cloud_backup
|
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages.
|
CWE-319
Cleartext Transmission of Sensitive Information
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-5867
|
2024-11-21 14:34 |
2020-04-24 |
|
201960
|
5.5 |
MEDIUM
Local
|
f5
|
nginx_controller
|
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.
|
CWE-200
Information Exposure
|
CVE-2020-5866
|
2024-11-21 14:34 |
2020-04-24 |