|
208491
|
9.8 |
CRITICAL
Network
|
apache
|
syncope
|
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) …
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2020-1959
|
2024-11-21 14:11 |
2020-05-4 |
|
208492
|
9.8 |
CRITICAL
Network
|
juniper
|
junos
|
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an un…
|
CWE-22
Path Traversal
|
CVE-2020-1631
|
2024-11-21 14:11 |
2020-05-4 |
|
208493
|
7.8 |
HIGH
Local
|
huawei
|
pcmanager
|
Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can injec…
|
NVD-CWE-noinfo
|
CVE-2020-1817
|
2024-11-21 14:11 |
2020-05-1 |
|
208494
|
7.0 |
HIGH
Local
|
gnu, canonical, netapp, debian
|
glibc, ubuntu_linux, steelstore_cloud_integrated_storage, active_iq_unified_manager, solidfire, hci_management_node, h410c_firmware, debian_linux
|
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid user…
|
-
|
CVE-2020-1752
|
2024-11-21 14:11 |
2020-05-1 |
|
208495
|
4.9 |
MEDIUM
Network
|
otrs, debian
|
otrs, debian_linux
|
When a user downloads PGP or S/MIME keys/certificates, the exported file has the same name for private and public keys. It is therefore possible to mix them up and send the private key to the third party instead of…
|
NVD-CWE-Other
|
CVE-2020-1774
|
2024-11-21 14:11 |
2020-04-28 |
|
208496
|
9.8 |
CRITICAL
Network
|
redhat
|
undertow
|
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote…
|
NVD-CWE-noinfo
|
CVE-2020-1745
|
2024-11-21 14:11 |
2020-04-29 |
|
208497
|
8.6 |
HIGH
Network
|
kiali, redhat
|
kiali, openshift_service_mesh
|
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT…
|
CWE-613, CWE-384
Insufficient Session Expiration; Session Fixation
|
CVE-2020-1762
|
2024-11-21 14:11 |
2020-04-28 |
|
208498
|
5.3 |
MEDIUM
Network
|
freeipa, redhat
|
freeipa, enterprise_linux
|
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading …
|
-
|
CVE-2020-1722
|
2024-11-21 14:11 |
2020-04-28 |
|
208499
|
9.8 |
CRITICAL
Network
|
apache
|
iotdb
|
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-1952
|
2024-11-21 14:11 |
2020-04-28 |
|
208500
|
5.5 |
MEDIUM
Local
|
huawei
|
lion-al00c_firmware
|
Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) has a denial of service vulnerability. An attacker sends a specially crafted file to the affected device. Due to insufficient …
|
CWE-20
Improper Input Validation
|
CVE-2020-1880
|
2024-11-21 14:11 |
2020-04-28 |