|
195841
|
9.8 |
CRITICAL
Network
|
dahuasecurity
|
sd6al_firmware sd5a_firmware sd1a_firmware ptz1a_firmware sd50_firmware sd52c_firmware ipc-hx5842h_firmware ipc-hx7842h_firmware ipc-hx2xxx_firmware ipc-hxxx5x4x_firmware
|
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packe…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-9502
|
2024-11-21 14:40 |
2020-05-14 |
|
195842
|
5.5 |
MEDIUM
Local
|
dahuasecurity
|
web_p2p
|
Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may …
|
NVD-CWE-noinfo
|
CVE-2020-9501
|
2024-11-21 14:40 |
2020-05-14 |
|
195843
|
7.5 |
HIGH
Network
|
oracle
|
iplanet_web_server
|
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-9315
|
2024-11-21 14:40 |
2020-05-11 |
|
195844
|
4.8 |
MEDIUM
Network
|
oracle
|
iplanet_web_server
|
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists b…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9314
|
2024-11-21 14:40 |
2020-05-11 |
|
195845
|
7.0 |
HIGH
Local
|
siedle
|
sg_150-0_firmware
|
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can g…
|
CWE-362
Race Condition
|
CVE-2020-9475
|
2024-11-21 14:40 |
2020-05-08 |
|
195846
|
8.8 |
HIGH
Network
|
siedle
|
sg_150-0_firmware
|
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the net…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-9474
|
2024-11-21 14:40 |
2020-05-08 |
|
195847
|
7.5 |
HIGH
Network
|
huawei
|
oceanstor_5310_firmware
|
Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the i…
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2020-9098
|
2024-11-21 14:40 |
2020-05-01 |
|
195848
|
4.3 |
MEDIUM
Network
|
mahara
|
mahara
|
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' i…
|
CWE-200
Information Exposure
|
CVE-2020-9387
|
2024-11-21 14:40 |
2020-04-30 |
|
195849
|
6.5 |
MEDIUM
Network
|
apache
|
nifi_registry
|
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the ser…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-9482
|
2024-11-21 14:40 |
2020-04-29 |
|
195850
|
7.5 |
HIGH
Network
|
apache debian
|
traffic_server debian_linux
|
Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to an HTTP/2 slow read attack.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-9481
|
2024-11-21 14:40 |
2020-04-28 |
|