|
200551
|
6.1 |
MEDIUM
Network
|
sixapart
|
movable_type
|
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Mo…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5575
|
2024-11-21 14:34 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200552
|
5.3 |
MEDIUM
Network
|
sixapart
|
movable_type
|
HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advan…
|
CWE-74
Injection
|
CVE-2020-5574
|
2024-11-21 14:34 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200553
|
8.8 |
HIGH
Network
|
pivotal_software
|
spring_security
|
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provide…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-5407
|
2024-11-21 14:34 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200554
|
4.8 |
MEDIUM
Network
|
symantec
|
it_analytics
|
Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into we…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5838
|
2024-11-21 14:34 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200555
|
5.5 |
MEDIUM
Local
|
f5
|
big-ip_access_policy_manager
big-ip_access_policy_manager_client
|
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoContr…
|
NVD-CWE-Other
|
CVE-2020-5898
|
2024-11-21 14:34 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200556
|
8.8 |
HIGH
Network
|
f5
|
big-ip_access_policy_manager
big-ip_access_policy_manager_client
|
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
|
CWE-416
Use After Free
|
CVE-2020-5897
|
2024-11-21 14:34 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200557
|
7.8 |
HIGH
Local
|
f5
|
big-ip_access_policy_manager
big-ip_access_policy_manager_client
|
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5896
|
2024-11-21 14:34 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200558
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_protection
|
Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.
|
CWE-59
Link Following
|
CVE-2020-5837
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200559
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_protection
|
Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled.
|
NVD-CWE-noinfo
|
CVE-2020-5836
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200560
|
7.0 |
HIGH
Local
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine.
|
CWE-362
Race Condition
|
CVE-2020-5835
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
