|
209601
|
7.5 |
HIGH
Network
|
foxitsoftware
|
reader
phantompdf
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.
|
CWE-416
Use After Free
|
CVE-2020-13806
|
2024-11-21 14:01 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209602
|
9.8 |
CRITICAL
Network
|
foxitsoftware
|
reader
phantompdf
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-13805
|
2024-11-21 14:01 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209603
|
9.8 |
CRITICAL
Network
|
foxitsoftware
|
reader
phantompdf
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-13804
|
2024-11-21 14:01 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209604
|
7.5 |
HIGH
Network
|
foxitsoftware
|
phantompdf
reader
|
An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-13803
|
2024-11-21 14:01 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209605
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_opmanager
|
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
|
CWE-22
Path Traversal
|
CVE-2020-13818
|
2024-11-21 14:01 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209606
|
7.4 |
HIGH
Network
|
ntp
netapp
opensuse
fujitsu
|
ntp
cloud_backup
element_software
steelstore_cloud_integrated_storage
clustered_data_ontap
data_ontap
solidfire
hci_management_node
ontap_tools
hci_compute_node_firmware
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed pack…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-13817
|
2024-11-21 14:01 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
209607
|
7.4 |
HIGH
Network
|
gnu
fedoraproject
canonical
debian
|
gnutls
fedora
ubuntu_linux
debian_linux
|
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version i…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-13777
|
2024-11-21 14:01 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209608
|
6.1 |
MEDIUM
Network
|
naviwebs
|
navigate_cms
|
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13798
|
2024-11-21 14:01 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209609
|
6.1 |
MEDIUM
Network
|
naviwebs
|
navigate_cms
|
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13797
|
2024-11-21 14:01 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209610
|
6.1 |
MEDIUM
Network
|
naviwebs
|
navigate_cms
|
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13796
|
2024-11-21 14:01 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
