|
208561
|
7.5 |
HIGH
Network
|
otrs opensuse debian
|
otrs leap backports_sle debian_linux
|
It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who have already requested new passwords. This issue…
|
NVD-CWE-noinfo
|
CVE-2020-1772
|
2024-11-21 14:11 |
2020-03-27 |
|
208562
|
5.4 |
MEDIUM
Network
|
otrs
|
otrs
|
An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to the missing parameter enc…
|
CWE-79
Cross-site Scripting
|
CVE-2020-1771
|
2024-11-21 14:11 |
2020-03-27 |
|
208563
|
4.3 |
MEDIUM
Network
|
otrs opensuse debian
|
otrs leap backports_sle debian_linux
|
Files generated for a support bundle could contain sensitive information whose disclosure might be unwanted. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior …
|
CWE-200
Information Exposure
|
CVE-2020-1770
|
2024-11-21 14:11 |
2020-03-27 |
|
208564
|
4.3 |
MEDIUM
Network
|
otrs opensuse
|
otrs leap backports_sle
|
In the login screens (in the agent and customer interfaces), the Username and Password fields use autocomplete, which might be considered a security issue. This issue affects: ((OTRS)) Community Edition: 5.0…
|
NVD-CWE-noinfo
|
CVE-2020-1769
|
2024-11-21 14:11 |
2020-03-27 |
|
208565
|
7.8 |
HIGH
Local
|
huawei
|
p30_firmware
|
HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unau…
|
NVD-CWE-noinfo
|
CVE-2020-1800
|
2024-11-21 14:11 |
2020-03-27 |
|
208566
|
8.6 |
HIGH
Network
|
kiali redhat
|
kiali openshift_service_mesh
|
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT sign…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-1764
|
2024-11-21 14:11 |
2020-03-26 |
|
208567
|
9.8 |
CRITICAL
Network
|
apache debian
|
shiro debian_linux
|
In Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
|
NVD-CWE-noinfo
|
CVE-2020-1957
|
2024-11-21 14:11 |
2020-03-26 |
|
208568
|
9.8 |
CRITICAL
Network
|
pyyaml fedoraproject opensuse oracle
|
pyyaml fedora leap communications_cloud_native_core_network_function_cloud_native_environment
|
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method …
|
-
|
CVE-2020-1747
|
2024-11-21 14:11 |
2020-03-25 |
|
208569
|
5.6 |
MEDIUM
Network
|
redhat
|
keycloak
|
A flaw was found in Keycloak before version 9.0.1. When configuring a Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the b…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-1744
|
2024-11-21 14:11 |
2020-03-24 |
|
208570
|
9.8 |
CRITICAL
Network
|
apache debian
|
traffic_server debian_linux
|
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 is vulnerable to a smuggling attack involving the Transfer-Encoding and Content-Length headers. Upgrade to versions 7.1.…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-1944
|
2024-11-21 14:11 |
2020-03-24 |