|
208341
|
5.3 |
MEDIUM
Network
|
mitel
|
micloud_management_portal
|
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2020-24592
|
2024-11-21 14:15 |
2020-09-25 |
|
208342
|
9.8 |
CRITICAL
Network
|
hpe
|
utility_computing_service_meter
|
Unauthenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
|
CWE-22
Path Traversal
|
CVE-2020-24626
|
2024-11-21 14:15 |
2020-09-23 |
|
208343
|
7.5 |
HIGH
Network
|
hpe
|
utility_computing_service_meter
|
Unauthenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
|
CWE-22
Path Traversal
|
CVE-2020-24625
|
2024-11-21 14:15 |
2020-09-23 |
|
208344
|
7.5 |
HIGH
Network
|
hpe
|
utility_computing_service_meter
|
Unauthenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
|
CWE-22
Path Traversal
|
CVE-2020-24624
|
2024-11-21 14:15 |
2020-09-23 |
|
208345
|
5.9 |
MEDIUM
Network
|
meltytech
|
shotcut
|
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24619
|
2024-11-21 14:15 |
2020-09-22 |
|
208346
|
6.5 |
MEDIUM
Adjacent
|
hpe
|
universal_api_framework
|
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API…
|
CWE-89
SQL Injection
|
CVE-2020-24623
|
2024-11-21 14:15 |
2020-09-19 |
|
208347
|
9.8 |
CRITICAL
Network
|
lemonldap-ng debian
|
lemonldap::ng debian_linux
|
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also af…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2020-24660
|
2024-11-21 14:15 |
2020-09-14 |
|
208348
|
6.1 |
MEDIUM
Network
|
zulipchat
|
zulip_desktop
|
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24582
|
2024-11-21 14:15 |
2020-09-11 |
|
208349
|
6.5 |
MEDIUM
Network
|
idreamsoft
|
icms
|
A CSRF vulnerability was found in iCMS v7.0.0 in the back-end administrator account deletion function. When the CSRF_TOKEN is missing and the request is still processed normally, all administrators except the initial admin…
|
CWE-352
Origin Validation Error
|
CVE-2020-24739
|
2024-11-21 14:15 |
2020-09-10 |
|
208350
|
5.1 |
MEDIUM
Local
|
twilio
|
authy_2-factor_authentication
|
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with …
|
CWE-362
Race Condition
|
CVE-2020-24655
|
2024-11-21 14:15 |
2020-09-10 |
|