|
210301
|
5.3 |
MEDIUM
Network
|
openvpn
|
openvpn_access_server
|
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be us…
|
CWE-287
Improper Authentication
|
CVE-2020-15077
|
2024-11-21 14:04 |
2021-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210302
|
7.8 |
HIGH
Local
|
openvpn
|
private_tunnel
|
Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp.
|
CWE-59
Link Following
|
CVE-2020-15076
|
2024-11-21 14:04 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210303
|
9.8 |
CRITICAL
Network
|
ampache
|
ampache
|
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and t…
|
-
|
CVE-2020-15153
|
2024-11-21 14:04 |
2021-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210304
|
7.5 |
HIGH
Network
|
openvpn
fedoraproject
canonical
debian
|
openvpn
fedora
ubuntu_linux
debian_linux
|
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentia…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15078
|
2024-11-21 14:04 |
2021-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210305
|
7.1 |
HIGH
Local
|
openvpn
|
connect
|
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
|
CWE-59
Link Following
|
CVE-2020-15075
|
2024-11-21 14:04 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210306
|
6.5 |
MEDIUM
Network
|
bloomreach
|
experience_manager
|
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.
|
CWE-352
Origin Validation Error
|
CVE-2020-14989
|
2024-11-21 14:04 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210307
|
5.4 |
MEDIUM
Network
|
bloomreach
|
experience_manager
|
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML ele…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14988
|
2024-11-21 14:04 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210308
|
7.2 |
HIGH
Network
|
bloomreach
|
experience_manager
|
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for adminis…
|
CWE-74
CWE-862
Injection
Missing Authorization
|
CVE-2020-14987
|
2024-11-21 14:04 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210309
|
9.1 |
CRITICAL
Network
|
loklak_project
|
loklak
|
loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. A…
|
-
|
CVE-2020-15097
|
2024-11-21 14:04 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210310
|
9.8 |
CRITICAL
Network
|
oracle
|
utilities_framework
coherence
|
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1…
|
NVD-CWE-noinfo
|
CVE-2020-14756
|
2024-11-21 14:04 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
