|
211791
|
9.8 |
CRITICAL
Network
|
aviatrix
|
controller
gateway
vpn_client
|
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain O…
|
NVD-CWE-noinfo
|
CVE-2020-13417
|
2024-11-21 14:01 |
2020-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211792
|
6.5 |
MEDIUM
Network
|
aviatrix
|
controller
|
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Reque…
|
CWE-352
Origin Validation Error
|
CVE-2020-13416
|
2024-11-21 14:01 |
2020-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211793
|
7.5 |
HIGH
Network
|
aviatrix
|
controller
|
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired o…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-13415
|
2024-11-21 14:01 |
2020-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211794
|
7.5 |
HIGH
Network
|
aviatrix
|
controller
gateway
|
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-13414
|
2024-11-21 14:01 |
2020-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211795
|
5.3 |
MEDIUM
Network
|
aviatrix
|
controller
vpn_client
|
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-13413
|
2024-11-21 14:01 |
2020-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211796
|
8.8 |
HIGH
Network
|
aviatrix
|
controller
|
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2020-13412
|
2024-11-21 14:01 |
2020-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211797
|
8.3 |
HIGH
Network
|
freerdp
debian
opensuse
canonical
|
freerdp
debian_linux
leap
ubuntu_linux
|
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-13398
|
2024-11-21 14:01 |
2020-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211798
|
5.5 |
MEDIUM
Local
|
freerdp
debian
opensuse
canonical
|
freerdp
debian_linux
leap
ubuntu_linux
|
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13397
|
2024-11-21 14:01 |
2020-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211799
|
7.1 |
HIGH
Network
|
freerdp
debian
opensuse
canonical
|
freerdp
debian_linux
leap
ubuntu_linux
|
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13396
|
2024-11-21 14:01 |
2020-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211800
|
9.8 |
CRITICAL
Network
|
python
|
jw.util
|
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one …
|
CWE-78
OS Command
|
CVE-2020-13388
|
2024-11-21 14:01 |
2020-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
