|
209221
|
8.8 |
HIGH
Network
|
google opensuse fedoraproject debian
|
chrome leap backports_sle fedora debian_linux
|
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-15960
|
2024-11-21 14:06 |
2020-09-22 |
|
209222
|
4.3 |
MEDIUM
Network
|
google opensuse fedoraproject debian
|
chrome leap backports_sle fedora debian_linux
|
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from pro…
|
NVD-CWE-Other
|
CVE-2020-15959
|
2024-11-21 14:06 |
2020-09-22 |
|
209223
|
6.5 |
MEDIUM
Network
|
acronis
|
cyber_backup
|
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwar…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-16171
|
2024-11-21 14:06 |
2020-09-21 |
|
209224
|
2.3 |
LOW
Local
|
hms-networks
|
ewon_flexy_firmware ewon_cosy_firmware
|
All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the C…
|
NVD-CWE-Other
|
CVE-2020-16230
|
2024-11-21 14:06 |
2020-09-19 |
|
209225
|
6.5 |
MEDIUM
Adjacent
|
philips
|
clinical_collaboration_platform
|
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influe…
|
-
|
CVE-2020-16200
|
2024-11-21 14:06 |
2020-09-19 |
|
209226
|
6.3 |
MEDIUM
Adjacent
|
philips
|
clinical_collaboration_platform
|
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.
|
-
|
CVE-2020-16198
|
2024-11-21 14:06 |
2020-09-19 |
|
209227
|
8.6 |
HIGH
Network
|
1crm
|
1crm
|
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenti…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-15958
|
2024-11-21 14:06 |
2020-09-19 |
|
209228
|
6.5 |
MEDIUM
Network
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duratio…
|
CWE-346
Origin Validation Error
|
CVE-2020-15773
|
2024-11-21 14:06 |
2020-09-19 |
|
209229
|
8.8 |
HIGH
Network
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbi…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15776
|
2024-11-21 14:06 |
2020-09-18 |
|
209230
|
7.5 |
HIGH
Network
|
gradle
|
enterprise
|
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page i…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-15775
|
2024-11-21 14:06 |
2020-09-18 |