|
208371
|
5.9 |
MEDIUM
Network
|
gnome
fedoraproject
|
geary
fedora
|
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not confi…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24661
|
2024-11-21 14:15 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208372
|
6.5 |
MEDIUM
Network
|
maltego
|
maltego
|
Maltego before 4.2.12 allows XXE attacks.
|
CWE-611
XXE
|
CVE-2020-24656
|
2024-11-21 14:15 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208373
|
9.8 |
CRITICAL
Network
|
expo
|
expo
|
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used.
|
NVD-CWE-noinfo
|
CVE-2020-24653
|
2024-11-21 14:15 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208374
|
4.9 |
MEDIUM
Network
|
sonatype
|
nexus
|
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-24622
|
2024-11-21 14:15 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208375
|
6.1 |
MEDIUM
Network
|
techkshetrainfo
|
savsoft_quiz
|
TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the …
|
CWE-79
Cross-site Scripting
|
CVE-2020-24609
|
2024-11-21 14:15 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208376
|
8.8 |
HIGH
Network
|
fossil-scm
fedoraproject
opensuse
|
fossil
fedora
leap
backports_sle
|
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
|
CWE-862
Missing Authorization
|
CVE-2020-24614
|
2024-11-21 14:15 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208377
|
8.1 |
HIGH
Network
|
fasterxml
netapp
oracle
debian
|
jackson-databind
active_iq_unified_manager
application_testing_suite
agile_plm
communications_policy_management
communications_diameter_signaling_router
communications_services_gate…
|
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-24616
|
2024-11-21 14:15 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208378
|
6.8 |
MEDIUM
Network
|
wolfssl
|
wolfssl
|
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24613
|
2024-11-21 14:15 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208379
|
8.8 |
HIGH
Network
|
raspap
|
raspap
|
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (…
|
CWE-78
OS Command
|
CVE-2020-24572
|
2024-11-21 14:15 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208380
|
4.7 |
MEDIUM
Local
|
fedoraproject
|
selinux-policy
|
An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode…
|
CWE-287
Improper Authentication
|
CVE-2020-24612
|
2024-11-21 14:15 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
