|
200701
|
4.3 |
MEDIUM
Network
|
jenkins
|
fortify_on_demand
|
A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Je…
|
CWE-862
Missing Authorization
|
CVE-2020-2202
|
2024-11-21 14:24 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200702
|
5.4 |
MEDIUM
Network
|
jenkins
|
sonargraph_integration
|
Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2201
|
2024-11-21 14:24 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200703
|
10.0 |
CRITICAL
Network
|
paloaltonetworks
|
pan-os
|
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-2021
|
2024-11-21 14:24 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200704
|
5.3 |
MEDIUM
Adjacent
|
paloaltonetworks
|
globalprotect
|
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on t…
|
CWE-295
CWE-290
Improper Certificate Validation
Authentication Bypass by Spoofing
|
CVE-2020-2033
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200705
|
7.0 |
HIGH
Local
|
paloaltonetworks
|
globalprotect
|
A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while p…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-2032
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200706
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request t…
|
CWE-78
OS Command
|
CVE-2020-2029
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200707
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC…
|
CWE-78
OS Command
|
CVE-2020-2028
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200708
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-2027
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200709
|
8.8 |
HIGH
Local
|
katacontainers
fedoraproject
|
runtime
fedora
|
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesy…
|
CWE-59
Link Following
|
CVE-2020-2026
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200710
|
6.3 |
MEDIUM
Local
|
katacontainers
|
runtime
|
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-age…
|
NVD-CWE-noinfo
|
CVE-2020-2023
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
