|
208211
|
5.4 |
MEDIUM
Network
|
jenkins
|
fortify_on_demand
|
A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using a…
|
CWE-862
Missing Authorization
|
CVE-2020-2204
|
2024-11-21 14:24 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208212
|
4.3 |
MEDIUM
Network
|
jenkins
|
fortify_on_demand
|
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-speci…
|
CWE-352
Origin Validation Error
|
CVE-2020-2203
|
2024-11-21 14:24 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208213
|
4.3 |
MEDIUM
Network
|
jenkins
|
fortify_on_demand
|
A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Je…
|
CWE-862
Missing Authorization
|
CVE-2020-2202
|
2024-11-21 14:24 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208214
|
5.4 |
MEDIUM
Network
|
jenkins
|
sonargraph_integration
|
Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2201
|
2024-11-21 14:24 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208215
|
10.0 |
CRITICAL
Network
|
paloaltonetworks
|
pan-os
|
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-2021
|
2024-11-21 14:24 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208216
|
5.3 |
MEDIUM
Adjacent
|
paloaltonetworks
|
globalprotect
|
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on t…
|
CWE-295
CWE-290
Improper Certificate Validation
Authentication Bypass by Spoofing
|
CVE-2020-2033
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208217
|
7.0 |
HIGH
Local
|
paloaltonetworks
|
globalprotect
|
A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while p…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-2032
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208218
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request t…
|
CWE-78
OS Command
|
CVE-2020-2029
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208219
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC…
|
CWE-78
OS Command
|
CVE-2020-2028
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208220
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-2027
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
