|
211971
|
8.8 |
HIGH
Network
|
ibi
|
webfocus_business_intelligence
|
WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of a…
|
CWE-352
Origin Validation Error
|
CVE-2020-14203
|
2024-11-21 14:02 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211972
|
6.1 |
MEDIUM
Network
|
ibi
|
webfocus_business_intelligence
|
WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14202
|
2024-11-21 14:02 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211973
|
6.5 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafte…
|
CWE-20
Improper Input Validation
|
CVE-2020-13961
|
2024-11-21 14:02 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211974
|
7.8 |
HIGH
Local
|
rtslib-fb_project
|
rtslib-fb
|
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-14019
|
2024-11-21 14:02 |
2020-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211975
|
4.2 |
MEDIUM
Local
|
cisofy
fedoraproject
|
lynis
fedora
|
CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed l…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-13882
|
2024-11-21 14:02 |
2020-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211976
|
8.1 |
HIGH
Adjacent
|
abus
|
secvest_wireless_control_fube50001_firmware
|
The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-14157
|
2024-11-21 14:02 |
2020-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211977
|
7.5 |
HIGH
Network
|
golang
fedoraproject
|
text
fedora
|
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An a…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-14040
|
2024-11-21 14:02 |
2020-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211978
|
7.2 |
HIGH
Network
|
cacti
fedoraproject
|
cacti
fedora
|
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
|
CWE-89
SQL Injection
|
CVE-2020-14295
|
2024-11-21 14:02 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211979
|
6.5 |
MEDIUM
Network
|
zammad
|
zammad
|
Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all ticke…
|
CWE-863
Incorrect Authorization
|
CVE-2020-14214
|
2024-11-21 14:02 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211980
|
5.4 |
MEDIUM
Network
|
zammad
|
zammad
|
In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
|
CWE-862
Missing Authorization
|
CVE-2020-14213
|
2024-11-21 14:02 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
