|
215431
|
8.8 |
HIGH
Network
|
atlassian
|
alfresco_enterprise_content_management
|
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run a…
|
CWE-74
Injection
|
CVE-2020-12873
|
2024-11-21 14:00 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215432
|
6.5 |
MEDIUM
Network
|
hubspot
|
jinjava
|
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrar…
|
CWE-863
Incorrect Authorization
|
CVE-2020-12668
|
2024-11-21 14:00 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215433
|
7.8 |
HIGH
Local
|
digi
|
connectport_x2e_firmware
|
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/py…
|
CWE-59
Link Following
|
CVE-2020-12878
|
2024-11-21 14:00 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215434
|
6.5 |
MEDIUM
Network
|
teradici
|
cloud_access_connector
|
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID…
|
CWE-352
Origin Validation Error
|
CVE-2020-13186
|
2024-11-21 14:00 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215435
|
6.5 |
MEDIUM
Network
|
teradici
|
cloud_access_connector
|
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an atta…
|
CWE-287
Improper Authentication
|
CVE-2020-13185
|
2024-11-21 14:00 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215436
|
9.8 |
CRITICAL
Network
|
wavlink
|
wn575a4_firmware
wn579x3_firmware
|
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
|
CWE-77
Command Injection
|
CVE-2020-13117
|
2024-11-21 14:00 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215437
|
4.8 |
MEDIUM
Network
|
tufin
|
securechange
|
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be trigg…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13134
|
2024-11-21 14:00 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215438
|
6.1 |
MEDIUM
Network
|
tufin
|
securechange
|
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be trigg…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13133
|
2024-11-21 14:00 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215439
|
5.4 |
MEDIUM
Network
|
carbonite
|
server_backup_portal
|
OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13116
|
2024-11-21 14:00 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215440
|
9.8 |
CRITICAL
Network
|
gssproxy_project
debian
|
gssproxy
debian_linux
|
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when runn…
|
CWE-667
Improper Locking
|
CVE-2020-12658
|
2024-11-21 14:00 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
