|
211401
|
4.6 |
MEDIUM
Physics
|
coolkit
|
ewelink
|
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eaves…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-12702
|
2024-11-21 14:00 |
2021-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211402
|
8.8 |
HIGH
Network
|
atlassian
|
alfresco_enterprise_content_management
|
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run a…
|
CWE-74
Injection
|
CVE-2020-12873
|
2024-11-21 14:00 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211403
|
6.5 |
MEDIUM
Network
|
hubspot
|
jinjava
|
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrar…
|
CWE-863
Incorrect Authorization
|
CVE-2020-12668
|
2024-11-21 14:00 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211404
|
7.8 |
HIGH
Local
|
digi
|
connectport_x2e_firmware
|
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/py…
|
CWE-59
Link Following
|
CVE-2020-12878
|
2024-11-21 14:00 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211405
|
6.5 |
MEDIUM
Network
|
teradici
|
cloud_access_connector
|
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID…
|
CWE-352
Origin Validation Error
|
CVE-2020-13186
|
2024-11-21 14:00 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211406
|
6.5 |
MEDIUM
Network
|
teradici
|
cloud_access_connector
|
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an atta…
|
CWE-287
Improper Authentication
|
CVE-2020-13185
|
2024-11-21 14:00 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211407
|
9.8 |
CRITICAL
Network
|
wavlink
|
wn575a4_firmware
wn579x3_firmware
|
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
|
CWE-77
Command Injection
|
CVE-2020-13117
|
2024-11-21 14:00 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211408
|
4.8 |
MEDIUM
Network
|
tufin
|
securechange
|
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be trigg…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13134
|
2024-11-21 14:00 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211409
|
6.1 |
MEDIUM
Network
|
tufin
|
securechange
|
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be trigg…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13133
|
2024-11-21 14:00 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211410
|
5.4 |
MEDIUM
Network
|
carbonite
|
server_backup_portal
|
OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13116
|
2024-11-21 14:00 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
