|
211211
|
5.7 |
MEDIUM
Adjacent
|
health
|
covidsafe
|
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection o…
|
NVD-CWE-noinfo
|
CVE-2020-14292
|
2024-11-21 14:02 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211212
|
7.2 |
HIGH
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-14008
|
2024-11-21 14:02 |
2020-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211213
|
6.1 |
MEDIUM
Network
|
enghouse
|
web_chat
|
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13972
|
2024-11-21 14:02 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211214
|
8.8 |
HIGH
Network
|
dolibarr
|
dolibarr
|
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-14209
|
2024-11-21 14:02 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211215
|
5.9 |
MEDIUM
Network
|
apache
netapp
|
cassandra
oncommand_insight
|
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to m…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-13946
|
2024-11-21 14:02 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211216
|
7.5 |
HIGH
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affecte…
|
NVD-CWE-noinfo
|
CVE-2020-14178
|
2024-11-21 14:02 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211217
|
8.1 |
HIGH
Network
|
mitel
|
micollab
|
The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A succe…
|
CWE-74
Injection
|
CVE-2020-13863
|
2024-11-21 14:02 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211218
|
6.1 |
MEDIUM
Network
|
codiad
|
codiad
|
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's na…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14042
|
2024-11-21 14:02 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211219
|
7.2 |
HIGH
Network
|
codiad
|
codiad
|
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-14044
|
2024-11-21 14:02 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211220
|
8.8 |
HIGH
Network
|
codiad
|
codiad
|
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only availab…
|
CWE-352
Origin Validation Error
|
CVE-2020-14043
|
2024-11-21 14:02 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
