| 209481 | 9.1 | CRITICAL Network | kee | keepassrpc | The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket … | CWE-330 Use of Insufficiently Random Values | CVE-2020-16271 | 2024-11-21 14:07 | 2020-08-4 |
| 209482 | 5.5 | MEDIUM Local | radare fedoraproject | radare2 fedora | radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | NVD-CWE-noinfo | CVE-2020-16269 | 2024-11-21 14:07 | 2020-08-4 |
| 209483 | 8.8 | HIGH Network | mozilla | thunderbird | During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | CWE-77 Command Injection | CVE-2020-15685 | 2024-11-21 14:06 | 2022-12-23 |
| 209484 | 7.6 | HIGH Network | mozilla | vpn | An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as … | CWE-384 Session Fixation | CVE-2020-15679 | 2024-11-21 14:06 | 2022-12-23 |
| 209485 | 5.3 | MEDIUM Network | fedoraproject | supybot-fedora | supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time. | NVD-CWE-noinfo | CVE-2020-15853 | 2024-11-21 14:06 | 2022-10-18 |
| 209486 | 6.1 | MEDIUM Network | redhat | bodhi | Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. | CWE-79 Cross-site Scripting | CVE-2020-15855 | 2024-11-21 14:06 | 2022-10-8 |
| 209487 | 7.5 | HIGH Network | lemonldap-ng debian | lemonldap\ debian_linux | In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::L… | CWE-295 Improper Certificate Validation | CVE-2020-16093 | 2024-11-21 14:06 | 2022-07-18 |
| 209488 | 6.5 | MEDIUM Local | emerson | openenterprise_scada_server | Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. | CWE-326 Inadequate Encryption Strength | CVE-2020-16235 | 2024-11-21 14:06 | 2022-05-20 |
| 209489 | 8.8 | HIGH Network | bachmann | mx207_firmware mx213_firmware mx220_firmware mc206_firmware mc212_firmware mc220_firmware mh230_firmware mc205_firmware mc210_firmware mh212_firmware me203_firmware c… | The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX20… | CWE-916 Use of Password Hash With Insufficient Computational Effort | CVE-2020-16231 | 2024-11-21 14:06 | 2022-05-20 |
| 209490 | 9.8 | CRITICAL Network | fieldcommgroup | hipserver hart-ip_developer_kit_firmware | A malicious attacker could exploit the interface of the Fieldcomm Group HART-IP (release 1.0.0.0) by constructing messages with sufficiently large payloads to overflow the internal buffer and crash t… | - | CVE-2020-16209 | 2024-11-21 14:06 | 2022-05-20 |