|
196531
|
7.5 |
HIGH
Network
|
tcpdump
|
tcpdump
|
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-8036
|
2024-11-21 14:38 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196532
|
6.8 |
MEDIUM
Physics
|
nextcloud
|
nextcloud_server
|
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not …
|
CWE-287
Improper Authentication
|
CVE-2020-8236
|
2024-11-21 14:38 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196533
|
7.5 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-8183
|
2024-11-21 14:38 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196534
|
2.2 |
LOW
Network
|
nextcloud
|
nextcloud_server
|
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-8173
|
2024-11-21 14:38 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196535
|
5.4 |
MEDIUM
Network
|
pulsesecure
|
pulse_secure_desktop_client
|
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8263
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196536
|
6.1 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
pulse_policy_secure
policy_secure
connect_secure
|
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8262
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196537
|
4.3 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
pulse_policy_secure
policy_secure
connect_secure
|
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-8261
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196538
|
7.2 |
HIGH
Network
|
pulsesecure
|
pulse_secure_desktop_client
|
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-8260
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196539
|
4.9 |
MEDIUM
Network
|
pulsesecure
|
pulse_secure_desktop_client
|
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklist…
|
NVD-CWE-noinfo
|
CVE-2020-8255
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196540
|
8.8 |
HIGH
Network
|
pulsesecure
|
pulse_secure_desktop_client
|
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To i…
|
CWE-22
Path Traversal
|
CVE-2020-8254
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
