|
196481
|
5.4 |
MEDIUM
Network
|
nextcloud
|
contacts
|
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8280
|
2024-11-21 14:38 |
2021-01-7 |
|
|
|
196482
|
4.3 |
MEDIUM
Network
|
citrix
|
secure_mail
|
Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicio…
|
CWE-269
Improper Privilege Management
|
CVE-2020-8275
|
2024-11-21 14:38 |
2021-01-7 |
|
|
|
196483
|
6.5 |
MEDIUM
Network
|
citrix
|
secure_mail
|
Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note th…
|
CWE-94
Code Injection
|
CVE-2020-8274
|
2024-11-21 14:38 |
2021-01-7 |
|
|
|
196484
|
6.1 |
MEDIUM
Network
|
rubyonrails
|
rails
|
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL whic…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8264
|
2024-11-21 14:38 |
2021-01-7 |
|
|
|
196485
|
8.1 |
HIGH
Network
|
nodejs debian fedoraproject oracle siemens
|
node.js debian_linux fedora graalvm sinec_infrastructure_network_services
|
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::T…
|
CWE-416
Use After Free
|
CVE-2020-8265
|
2024-11-21 14:38 |
2021-01-7 |
|
|
|
196486
|
6.1 |
MEDIUM
Network
|
mendix
|
mendixsso
|
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supp…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8160
|
2024-11-21 14:38 |
2021-01-7 |
|
|
|
196487
|
7.8 |
HIGH
Local
|
backblaze
|
backblaze
|
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of cl…
|
CWE-269
Improper Privilege Management
|
CVE-2020-8290
|
2024-11-21 14:38 |
2020-12-27 |
|
|
|
196488
|
7.8 |
HIGH
Local
|
backblaze
|
backblaze
|
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-8289
|
2024-11-21 14:38 |
2020-12-27 |
|
|
|
196489
|
9.8 |
CRITICAL
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execut…
|
CWE-78
OS Command
|
CVE-2020-8466
|
2024-11-21 14:38 |
2020-12-18 |
|
|
|
196490
|
9.8 |
CRITICAL
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authenticat…
|
CWE-287 CWE-352
Improper Authentication Origin Validation Error
|
CVE-2020-8465
|
2024-11-21 14:38 |
2020-12-18 |
|
|