|
195961
|
5.5 |
MEDIUM
Local
|
brave
|
brave
|
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. T…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-8276
|
2024-11-21 14:38 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195962
|
5.3 |
MEDIUM
Network
|
ui
|
unifi_protect_firmware
|
A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to…
|
CWE-287
Improper Authentication
|
CVE-2020-8267
|
2024-11-21 14:38 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195963
|
7.5 |
HIGH
Network
|
tcpdump
debian
fedoraproject
apple
|
tcpdump
debian_linux
fedora
mac_os_x
macos
|
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-8037
|
2024-11-21 14:38 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195964
|
7.5 |
HIGH
Network
|
tcpdump
|
tcpdump
|
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-8036
|
2024-11-21 14:38 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195965
|
6.8 |
MEDIUM
Physics
|
nextcloud
|
nextcloud_server
|
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not …
|
CWE-287
Improper Authentication
|
CVE-2020-8236
|
2024-11-21 14:38 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195966
|
7.5 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-8183
|
2024-11-21 14:38 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195967
|
2.2 |
LOW
Network
|
nextcloud
|
nextcloud_server
|
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-8173
|
2024-11-21 14:38 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195968
|
5.4 |
MEDIUM
Network
|
pulsesecure
|
pulse_secure_desktop_client
|
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8263
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195969
|
6.1 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
pulse_policy_secure
policy_secure
connect_secure
|
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8262
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195970
|
4.3 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
pulse_policy_secure
policy_secure
connect_secure
|
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-8261
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
