|
213631
|
4.9 |
MEDIUM
Network
|
misp
|
misp
|
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a …
|
NVD-CWE-noinfo
|
CVE-2020-11458
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213632
|
3.3 |
LOW
Local
|
zoom
|
meetings
|
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera ac…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-11470
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213633
|
7.8 |
HIGH
Local
|
zoom
|
meetings
|
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-11469
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213634
|
7.2 |
HIGH
Network
|
deskpro
|
deskpro
|
An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-11467
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213635
|
4.3 |
MEDIUM
Network
|
deskpro
|
deskpro
|
An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk…
|
CWE-269
Improper Privilege Management
|
CVE-2020-11466
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213636
|
8.8 |
HIGH
Network
|
deskpro
|
deskpro
|
An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly validate a user's privilege, allowing an attacker to control/install helpdesk applications and leak cu…
|
CWE-862
Missing Authorization
|
CVE-2020-11465
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213637
|
4.3 |
MEDIUM
Network
|
deskpro
|
deskpro
|
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users reg…
|
CWE-269
Improper Privilege Management
|
CVE-2020-11464
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213638
|
7.5 |
HIGH
Network
|
deskpro
|
deskpro
|
An issue was discovered in Deskpro before 2019.8.0. The /api/email_accounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all help…
|
CWE-862
Missing Authorization
|
CVE-2020-11463
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213639
|
5.4 |
MEDIUM
Network
|
netgate
|
pfsense
|
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11457
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213640
|
5.4 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
|
CWE-79
Cross-site Scripting
|
CVE-2020-11456
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
