|
209691
|
8.2 |
HIGH
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
|
CWE-287
Improper Authentication
|
CVE-2020-16251
|
2024-11-21 14:07 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209692
|
8.2 |
HIGH
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
|
CWE-345
CWE-290
Insufficient Verification of Data Authenticity
Authentication Bypass by Spoofing
|
CVE-2020-16250
|
2024-11-21 14:07 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209693
|
9.8 |
CRITICAL
Network
|
advantech
|
iview
|
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availabilit…
|
CWE-22
Path Traversal
|
CVE-2020-16245
|
2024-11-21 14:07 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209694
|
6.5 |
MEDIUM
Local
|
parallels
|
parallels_desktop
|
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code…
|
-
|
CVE-2020-17391
|
2024-11-21 14:07 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209695
|
8.8 |
HIGH
Local
|
parallels
|
parallels_desktop
|
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-17390
|
2024-11-21 14:07 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209696
|
8.8 |
HIGH
Network
|
marvell
|
qconvergeconsole
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability,…
|
-
|
CVE-2020-17389
|
2024-11-21 14:07 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209697
|
8.8 |
HIGH
Network
|
marvell
|
qconvergeconsole
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability,…
|
-
|
CVE-2020-17388
|
2024-11-21 14:07 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209698
|
8.8 |
HIGH
Network
|
marvell
|
qconvergeconsole
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability,…
|
-
|
CVE-2020-17387
|
2024-11-21 14:07 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209699
|
6.5 |
MEDIUM
Network
|
cellopoint
|
cellos
|
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-17386
|
2024-11-21 14:07 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209700
|
7.5 |
HIGH
Network
|
cellopoint
|
cellos
|
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.
|
CWE-22
Path Traversal
|
CVE-2020-17385
|
2024-11-21 14:07 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
