|
198461
|
6.1 |
MEDIUM
Network
|
ui
|
airos
|
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8170
|
2024-11-21 14:38 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198462
|
8.8 |
HIGH
Network
|
ui
|
airos
|
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the…
|
CWE-352
Origin Validation Error
|
CVE-2020-8168
|
2024-11-21 14:38 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198463
|
5.3 |
MEDIUM
Network
|
opensuse
debian
|
open_build_service
debian_linux
|
a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Servi…
|
-
|
CVE-2020-8021
|
2024-11-21 14:38 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198464
|
9.8 |
CRITICAL
Network
|
jenzabar
|
internet_campus_solution
|
Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There …
|
CWE-384
Session Fixation
|
CVE-2020-8434
|
2024-11-21 14:38 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198465
|
6.1 |
MEDIUM
Network
|
horde
|
groupware
gollem
|
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the b…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8034
|
2024-11-21 14:38 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198466
|
6.1 |
MEDIUM
Network
|
horde
|
groupware
|
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload.…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8035
|
2024-11-21 14:38 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198467
|
9.8 |
CRITICAL
Network
|
logkitty_project
|
logkitty
|
Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
|
CWE-94
Code Injection
|
CVE-2020-8149
|
2024-11-21 14:38 |
2020-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198468
|
7.5 |
HIGH
Network
|
bitdefender
|
engines
|
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This…
|
CWE-20
Improper Input Validation
|
CVE-2020-8100
|
2024-11-21 14:38 |
2020-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198469
|
6.1 |
MEDIUM
Network
|
opensuse
debian
|
open_build_service
debian_linux
|
A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-bu…
|
-
|
CVE-2020-8020
|
2024-11-21 14:38 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198470
|
9.8 |
CRITICAL
Network
|
rubyonrails
debian
|
actionpack_page-caching
debian_linux
|
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can w…
|
CWE-22
Path Traversal
|
CVE-2020-8159
|
2024-11-21 14:38 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
