|
209821
|
6.8 |
MEDIUM
Adjacent
|
espressif
|
esp8266_nonos_sdk esp8266_rtos_sdk esp-idf
|
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frame…
|
CWE-287 CWE-319
Improper Authentication Cleartext Transmission of Sensitive Information
|
CVE-2020-12638
|
2024-11-21 13:59 |
2020-07-24 |
|
209822
|
7.3 |
HIGH
Local
|
phoenixcontact
|
plcnext_engineer
|
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitization vulnerability exists on import of project files.
|
CWE-22
Path Traversal
|
CVE-2020-12499
|
2024-11-21 13:59 |
2020-07-22 |
|
209823
|
6.1 |
MEDIUM
Network
|
collaboraoffice
|
collabora_online_development_edition
|
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead …
|
CWE-79
Cross-site Scripting
|
CVE-2020-12432
|
2024-11-21 13:59 |
2020-07-21 |
|
209824
|
7.8 |
HIGH
Local
|
rockwellautomation
|
factorytalk_view
|
In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing fo…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12031
|
2024-11-21 13:59 |
2020-07-21 |
|
209825
|
8.1 |
HIGH
Network
|
rockwellautomation
|
factorytalk_view
|
In all versions of FactoryTalk View SE, a remote, authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12028
|
2024-11-21 13:59 |
2020-07-21 |
|
209826
|
4.3 |
MEDIUM
Network
|
rockwellautomation
|
factorytalk_view
|
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaiss…
|
NVD-CWE-noinfo
|
CVE-2020-12027
|
2024-11-21 13:59 |
2020-07-21 |
|
209827
|
7.8 |
HIGH
Local
|
rockwellautomation
|
factorytalk_view
|
All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoi…
|
-
|
CVE-2020-12029
|
2024-11-21 13:59 |
2020-07-21 |
|
209828
|
5.4 |
MEDIUM
Network
|
apache
|
airflow
|
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated us…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11983
|
2024-11-21 13:59 |
2020-07-17 |
|
209829
|
9.8 |
CRITICAL
Network
|
apache
|
airflow
|
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious pa…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-11982
|
2024-11-21 13:59 |
2020-07-17 |
|
209830
|
9.8 |
CRITICAL
Network
|
apache
|
airflow
|
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, res…
|
CWE-78
OS Command
|
CVE-2020-11981
|
2024-11-21 13:59 |
2020-07-17 |
|