| 210061 | 9.8 | CRITICAL Network | broadcom | fabric_operating_system | REST API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. | NVD-CWE-noinfo | CVE-2020-15374 | 2024-11-21 14:05 | 2020-09-25 |
| 210062 | 9.8 | CRITICAL Network | broadcom | fabric_operating_system | Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform va… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2020-15373 | 2024-11-21 14:05 | 2020-09-25 |
| 210063 | 5.5 | MEDIUM Local | broadcom | fabric_operating_system | A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacke… | CWE-913 Improper Control of Dynamically-Managed Code Resources | CVE-2020-15372 | 2024-11-21 14:05 | 2020-09-25 |
| 210064 | 9.8 | CRITICAL Network | broadcom | fabric_operating_system | Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability. | CWE-94 Code Injection | CVE-2020-15371 | 2024-11-21 14:05 | 2020-09-25 |
| 210065 | 6.5 | MEDIUM Network | broadcom | fabric_operating_system | Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the use… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2020-15370 | 2024-11-21 14:05 | 2020-09-25 |
| 210066 | 8.8 | HIGH Network | broadcom | fabric_operating_system | Supportlink CLI in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote serv… | CWE-521 Weak Password Requirements | CVE-2020-15369 | 2024-11-21 14:05 | 2020-09-25 |
| 210067 | 6.1 | MEDIUM Network | zohocorp | manageengine_applications_manager | Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS). | CWE-79 Cross-site Scripting | CVE-2020-15521 | 2024-11-21 14:05 | 2020-09-25 |
| 210068 | 9.8 | CRITICAL Network | zohocorp | manageengine_applications_manager | The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. | CWE-89 SQL Injection | CVE-2020-15394 | 2024-11-21 14:05 | 2020-09-25 |
| 210069 | 8.0 | HIGH Network | ory | fosite | In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200… | CWE-754 Improper Check for Unusual or Exceptional Conditions | CVE-2020-15223 | 2024-11-21 14:05 | 2020-09-25 |
| 210070 | 8.1 | HIGH Network | ory | fosite | In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When u… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2020-15222 | 2024-11-21 14:05 | 2020-09-25 |