|
202461
|
8.1 |
HIGH
Network
|
nextcloud
fedoraproject
|
group_folders
fedora
|
Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-8153
|
2024-11-21 14:38 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202462
|
7.5 |
HIGH
Network
|
rubyonrails
fedoraproject
|
active_resource
fedora
|
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak inf…
|
CWE-863
Incorrect Authorization
|
CVE-2020-8151
|
2024-11-21 14:38 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202463
|
5.3 |
MEDIUM
Network
|
mongodb
|
mongodb
|
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechani…
|
CWE-863
Incorrect Authorization
|
CVE-2020-7921
|
2024-11-21 14:38 |
2020-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202464
|
6.1 |
MEDIUM
Network
|
commscope
|
ruckus_zoneflex_r500_firmware
|
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8033
|
2024-11-21 14:38 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202465
|
8.1 |
HIGH
Network
|
commscope
|
ruckus_zoneflex_r500_firmware
|
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks.
|
CWE-352
Origin Validation Error
|
CVE-2020-7983
|
2024-11-21 14:38 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202466
|
7.8 |
HIGH
Local
|
suse
|
linux_enterprise_desktop
|
A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-8018
|
2024-11-21 14:38 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202467
|
6.8 |
MEDIUM
Physics
|
ui
|
unifi_cloud_key_gen2_firmware
unifi_cloud_key_gen2_plus_firmware
|
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).
|
NVD-CWE-noinfo
|
CVE-2020-8157
|
2024-11-21 14:38 |
2020-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202468
|
7.8 |
HIGH
Local
|
abb
|
800xa_information_management
|
Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to injec…
|
NVD-CWE-Other
|
CVE-2020-8489
|
2024-11-21 14:38 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202469
|
7.8 |
HIGH
Local
|
abb
|
800xa_batch_management
|
Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data…
|
NVD-CWE-Other
|
CVE-2020-8488
|
2024-11-21 14:38 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202470
|
7.8 |
HIGH
Local
|
abb
|
800xa_base_system
|
Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect nod…
|
NVD-CWE-Other
|
CVE-2020-8487
|
2024-11-21 14:38 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
