|
208271
|
5.3 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.
|
CWE-20
Improper Input Validation
|
CVE-2020-26138
|
2024-11-21 14:19 |
2021-06-9 |
|
|
|
|
208272
|
4.8 |
MEDIUM
Network
|
intland
|
codebeamer
|
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a pr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26517
|
2024-11-21 14:19 |
2021-06-8 |
|
|
|
|
208273
|
8.8 |
HIGH
Network
|
intland
|
codebeamer
|
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allow…
|
CWE-352
Origin Validation Error
|
CVE-2020-26516
|
2024-11-21 14:19 |
2021-06-8 |
|
|
|
|
208274
|
7.5 |
HIGH
Network
|
intland
|
codebeamer
|
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's…
|
CWE-327, CWE-522
Use of a Broken or Risky Cryptographic Algorithm; Insufficiently Protected Credentials
|
CVE-2020-26515
|
2024-11-21 14:19 |
2021-06-8 |
|
|
|
|
208275
|
6.1 |
MEDIUM
Network
|
online_examination_system_project
|
online_examination_system
|
Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-26006
|
2024-11-21 14:19 |
2021-05-24 |
|
|
|
|
208276
|
5.3 |
MEDIUM
Network
|
openbsd
|
openbsd
|
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network pack…
|
CWE-74
Injection
|
CVE-2020-26142
|
2024-11-21 14:19 |
2021-05-12 |
|
|
|
|
208277
|
9.1 |
CRITICAL
Network
|
dell
|
emc_powerscale_onefs
|
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note:…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-26197
|
2024-11-21 14:19 |
2021-04-21 |
|
|
|
|
208278
|
8.8 |
HIGH
Network
|
protocol
|
go-ipfs
|
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output.…
|
-
|
CVE-2020-26283
|
2024-11-21 14:19 |
2021-03-25 |
|
|
|
|
208279
|
8.1 |
HIGH
Network
|
protocol
|
go-ipfs
|
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAG…
|
-
|
CVE-2020-26279
|
2024-11-21 14:19 |
2021-03-25 |
|
|
|
|
208280
|
7.8 |
HIGH
Local
|
utimaco
|
block-safe_firmware, cryptoserver_cp5_firmware, cryptoserver_cp5_vs-nfd_firmware, paymentserver_firmware, paymentserver_hybrid_firmware, securityserver_firmware
|
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-admin…
|
CWE-427, CWE-732
Uncontrolled Search Path Element; Incorrect Permission Assignment for Critical Resource
|
CVE-2020-26155
|
2024-11-21 14:19 |
2021-03-19 |
|
|
|