|
213151
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application…
|
CWE-22
Path Traversal
|
CVE-2020-12006
|
2024-11-21 13:59 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213152
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data,…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12002
|
2024-11-21 13:59 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213153
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_opmanager
|
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
|
CWE-22
Path Traversal
|
CVE-2020-12116
|
2024-11-21 13:59 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213154
|
7.8 |
HIGH
Local
|
solarwinds
|
managed_service_provider_patch_management_engine
|
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-12608
|
2024-11-21 13:59 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213155
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
|
CWE-22
Path Traversal
|
CVE-2020-12448
|
2024-11-21 13:59 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213156
|
6.5 |
MEDIUM
Network
|
gnu
debian
fedoraproject
opensuse
canonical
|
mailman
debian_linux
fedora
leap
backports_sle
ubuntu_linux
|
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
|
CWE-74
Injection
|
CVE-2020-12108
|
2024-11-21 13:59 |
2020-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213157
|
7.8 |
HIGH
Local
|
avira
|
software_updater
|
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary fil…
|
NVD-CWE-noinfo
|
CVE-2020-12463
|
2024-11-21 13:59 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213158
|
5.3 |
MEDIUM
Network
|
grin
|
grin
|
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain.
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2020-12439
|
2024-11-21 13:59 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213159
|
4.9 |
MEDIUM
Network
|
silver-peak
|
unity_edgeconnect_for_google_cloud_platform
unity_edgeconnect_for_azure
unity_edgeconnect_for_amazon_web_services
unity_orchestrator
vx-500_firmware
vx-1000_firmware
vx-2000_firmwar…
|
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untruste…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-12144
|
2024-11-21 13:59 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213160
|
4.9 |
MEDIUM
Network
|
silver-peak
|
unity_edgeconnect_for_google_cloud_platform
unity_edgeconnect_for_azure
unity_edgeconnect_for_amazon_web_services
unity_orchestrator
vx-500_firmware
vx-1000_firmware
vx-2000_firmwar…
|
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-12143
|
2024-11-21 13:59 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
