|
209591
|
6.5 |
MEDIUM
Network
|
squid-cache
|
squid
|
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop AB…
|
CWE-662
Improper Synchronization
|
CVE-2020-14059
|
2024-11-21 14:02 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209592
|
7.5 |
HIGH
Network
|
squid-cache
fedoraproject
netapp
|
squid
fedora
cloud_manager
|
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Se…
|
NVD-CWE-noinfo
|
CVE-2020-14058
|
2024-11-21 14:02 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209593
|
5.9 |
MEDIUM
Network
|
putty
netapp
fedoraproject
|
putty
oncommand_unified_manager_core_package
fedora
|
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-14002
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209594
|
5.3 |
MEDIUM
Network
|
maipu
|
mp1800x-50_firmware
|
The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware versio…
|
NVD-CWE-noinfo
|
CVE-2020-13896
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209595
|
5.9 |
MEDIUM
Network
|
openbsd
netapp
|
openssh
aff_a700s_firmware
steelstore_cloud_integrated_storage
ontap_select_deploy_administration_utility
active_iq_unified_manager
solidfire
hci_management_node
hci_storage_node…
|
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connect…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-14145
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209596
|
9.8 |
CRITICAL
Network
|
mk-auth
|
mk-auth
|
An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts.
|
CWE-78
OS Command
|
CVE-2020-14072
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209597
|
6.1 |
MEDIUM
Network
|
mk-auth
|
mk-auth
|
An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14071
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209598
|
9.8 |
CRITICAL
Network
|
mk-auth
|
mk-auth
|
An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access.
|
CWE-287
Improper Authentication
|
CVE-2020-14070
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209599
|
6.8 |
MEDIUM
Physics
|
mk-auth
|
mk-auth
|
An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.ph…
|
CWE-89
SQL Injection
|
CVE-2020-14069
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209600
|
9.8 |
CRITICAL
Network
|
mk-auth
|
mk-auth
|
An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php.
|
CWE-89
SQL Injection
|
CVE-2020-14068
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
