|
208321
|
5.9 |
MEDIUM
Network
|
exposure_notifications_project
|
exposure_notifications
|
An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX …
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-24722
|
2024-11-21 14:15 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208322
|
8.8 |
HIGH
Network
|
hpe
|
kvm_ip_console_switch_g2_firmware
|
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
|
CWE-94
Code Injection
|
CVE-2020-24628
|
2024-11-21 14:15 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208323
|
5.4 |
MEDIUM
Network
|
hpe
|
kvm_ip_console_switch_g2_firmware
|
A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24627
|
2024-11-21 14:15 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208324
|
6.5 |
MEDIUM
Network
|
mbconnectline
|
mymbconnect24
mbconnect24
|
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrar…
|
CWE-89
SQL Injection
|
CVE-2020-24568
|
2024-11-21 14:15 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208325
|
9.8 |
CRITICAL
Network
|
powerdns
|
authoritative
|
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a cras…
|
CWE-415
Double Free
|
CVE-2020-24698
|
2024-11-21 14:15 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208326
|
7.5 |
HIGH
Network
|
powerdns
|
authoritative
|
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted querie…
|
NVD-CWE-noinfo
|
CVE-2020-24697
|
2024-11-21 14:15 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208327
|
8.1 |
HIGH
Network
|
powerdns
|
authoritative
|
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or pos…
|
CWE-362
Race Condition
|
CVE-2020-24696
|
2024-11-21 14:15 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208328
|
7.8 |
HIGH
Local
|
unisys
|
stealth
|
Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-24620
|
2024-11-21 14:15 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208329
|
5.7 |
MEDIUM
Physics
|
apple
google
|
exposure_notifications
|
An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a positio…
|
NVD-CWE-noinfo
|
CVE-2020-24721
|
2024-11-21 14:15 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208330
|
6.5 |
MEDIUM
Network
|
mbconnectline
|
mymbconnect24
mbconnect24
|
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session in…
|
CWE-352
CWE-918
Origin Validation Error
Server-Side Request Forgery (SSRF)
|
CVE-2020-24570
|
2024-11-21 14:15 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
