|
212901
|
8.0 |
HIGH
Adjacent
|
tp-link
|
tl-wa855re_firmware
|
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Al…
|
CWE-287
Improper Authentication
|
CVE-2020-10916
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212902
|
6.3 |
MEDIUM
Network
|
barrelstrengthdesign
|
sprout_forms
|
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This ha…
|
CWE-74
Injection
|
CVE-2020-11056
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212903
|
8.1 |
HIGH
Network
|
java-websocket_project
|
java-websocket
|
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-11050
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212904
|
7.2 |
HIGH
Network
|
gira
|
tks-ip-gateway_firmware
|
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access.
|
CWE-78
OS Command
|
CVE-2020-10795
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212905
|
9.8 |
CRITICAL
Network
|
gira
|
tks-ip-gateway_firmware
|
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root acce…
|
CWE-22
Path Traversal
|
CVE-2020-10794
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212906
|
5.4 |
MEDIUM
Network
|
bookstackapp
|
bookstack
|
In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system …
|
CWE-79
Cross-site Scripting
|
CVE-2020-11055
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212907
|
3.5 |
LOW
Network
|
qutebrowser
fedoraproject
|
qutebrowser
fedora
|
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (col…
|
-
|
CVE-2020-11054
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212908
|
6.1 |
MEDIUM
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This…
|
CWE-601
Open Redirect
|
CVE-2020-11053
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212909
|
9.8 |
CRITICAL
Network
|
sorcery_project
|
sorcery
|
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined l…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-11052
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212910
|
2.2 |
LOW
Network
|
freerdp
canonical
debian
|
freerdp
ubuntu_linux
debian_linux
|
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.
|
-
|
CVE-2020-11049
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
