|
209581
|
7.5 |
HIGH
Network
|
genivia
fedoraproject
|
gsoap
fedora
|
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-13574
|
2024-11-21 14:01 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209582
|
6.1 |
MEDIUM
Network
|
open-emr
phpgacl_project
|
openemr
phpgacl
|
An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6…
|
CWE-601
Open Redirect
|
CVE-2020-13565
|
2024-11-21 14:01 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209583
|
8.8 |
HIGH
Network
|
foxitsoftware
|
foxit_reader
|
In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the …
|
CWE-416
Use After Free
|
CVE-2020-13548
|
2024-11-21 14:01 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209584
|
7.8 |
HIGH
Local
|
softmaker
|
office_textmaker_2021
|
In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon u…
|
CWE-787
CWE-131
Out-of-bounds Write
Incorrect Calculation of Buffer Size
|
CVE-2020-13546
|
2024-11-21 14:01 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209585
|
5.7 |
MEDIUM
Adjacent
|
tufin
|
securetrack
|
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-13462
|
2024-11-21 14:01 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209586
|
4.3 |
MEDIUM
Adjacent
|
tufin
|
securetrack
|
Username enumeration in present in Tufin SecureTrack. It's affecting all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor's response: "This attack requires access…
|
NVD-CWE-noinfo
|
CVE-2020-13461
|
2024-11-21 14:01 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209587
|
8.8 |
HIGH
Network
|
tufin
|
securetrack
|
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.
|
CWE-352
Origin Validation Error
|
CVE-2020-13460
|
2024-11-21 14:01 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209588
|
5.9 |
MEDIUM
Adjacent
|
tufin
|
securetrack
|
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or …
|
CWE-79
Cross-site Scripting
|
CVE-2020-13409
|
2024-11-21 14:01 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209589
|
5.9 |
MEDIUM
Adjacent
|
tufin
|
securetrack
|
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or …
|
CWE-79
Cross-site Scripting
|
CVE-2020-13408
|
2024-11-21 14:01 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209590
|
5.9 |
MEDIUM
Adjacent
|
tufin
|
securetrack
|
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or …
|
CWE-79
Cross-site Scripting
|
CVE-2020-13407
|
2024-11-21 14:01 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
