|
214191
|
6.1 |
MEDIUM
Network
|
redhat
|
interchange
|
XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12685
|
2024-11-21 14:00 |
2020-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214192
|
5.4 |
MEDIUM
Network
|
rcos
|
submitty
|
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12882
|
2024-11-21 14:00 |
2020-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214193
|
7.5 |
HIGH
Network
|
veritas
|
aptare
|
Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12877
|
2024-11-21 14:00 |
2020-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214194
|
7.5 |
HIGH
Network
|
veritas
|
aptare
|
Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments.
|
CWE-863
Incorrect Authorization
|
CVE-2020-12876
|
2024-11-21 14:00 |
2020-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214195
|
6.3 |
MEDIUM
Network
|
veritas
|
aptare
|
Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating spe…
|
CWE-863
Incorrect Authorization
|
CVE-2020-12875
|
2024-11-21 14:00 |
2020-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214196
|
9.8 |
CRITICAL
Network
|
veritas
|
aptare
|
Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.
|
CWE-287
Improper Authentication
|
CVE-2020-12874
|
2024-11-21 14:00 |
2020-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214197
|
6.1 |
MEDIUM
Network
|
progress
|
moveit_automation
|
An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execu…
|
CWE-79
Cross-site Scripting
|
CVE-2020-12677
|
2024-11-21 14:00 |
2020-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214198
|
6.5 |
MEDIUM
Adjacent
|
alberta
tracetogether
health
gov
|
abtracetogether
tracetogether
covidsafe
protego_safe
|
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufac…
|
NVD-CWE-noinfo
|
CVE-2020-12717
|
2024-11-21 14:00 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214199
|
9.8 |
CRITICAL
Network
|
simplefilelist
|
simple-file-list
|
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.
|
CWE-22
Path Traversal
|
CVE-2020-12832
|
2024-11-21 14:00 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214200
|
5.3 |
MEDIUM
Network
|
linuxfoundation
|
free_range_routing
|
An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissi…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-12831
|
2024-11-21 14:00 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
