|
208081
|
8.8 |
HIGH
Network
|
aviatrix
|
controller
|
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.
|
NVD-CWE-noinfo
|
CVE-2020-26548
|
2024-11-21 14:20 |
2020-11-18 |
|
208082
|
5.4 |
MEDIUM
Network
|
kaaproject
|
kaa
|
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parame…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26701
|
2024-11-21 14:20 |
2020-11-18 |
|
208083
|
9.8 |
CRITICAL
Network
|
cisco
|
security_manager
|
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected devic…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-27131
|
2024-11-21 14:20 |
2020-11-17 |
|
208084
|
9.1 |
CRITICAL
Network
|
cisco
|
security_manager
|
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory travers…
|
NVD-CWE-Other
|
CVE-2020-27130
|
2024-11-21 14:20 |
2020-11-17 |
|
208085
|
9.8 |
CRITICAL
Network
|
cisco
|
security_manager
|
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of…
|
CWE-20
Improper Input Validation
|
CVE-2020-27125
|
2024-11-21 14:20 |
2020-11-17 |
|
208086
|
7.8 |
HIGH
Local
|
binarynights
|
forklift
|
BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacke…
|
CWE-862
Missing Authorization
|
CVE-2020-27192
|
2024-11-21 14:20 |
2020-11-17 |
|
208087
|
7.5 |
HIGH
Network
|
lionwiki
|
lionwiki
|
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only aff…
|
NVD-CWE-noinfo
|
CVE-2020-27191
|
2024-11-21 14:20 |
2020-11-17 |
|
208088
|
7.5 |
HIGH
Network
|
eclipse
|
hono
|
In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the m…
|
NVD-CWE-noinfo
|
CVE-2020-27217
|
2024-11-21 14:20 |
2020-11-14 |
|
208089
|
6.1 |
MEDIUM
Network
|
sap
|
fiori_launchpad_\(news_tile_application\)
|
SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a differen…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26825
|
2024-11-21 14:20 |
2020-11-14 |
|
208090
|
6.1 |
MEDIUM
Network
|
ckeditor oracle
|
ckeditor banking_platform peoplesoft_enterprise_peopletools agile_plm commerce_merchandising jd_edwards_enterpriseone_tools financial_services_analytical_applications_infrastructure…
|
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML co…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27193
|
2024-11-21 14:20 |
2020-11-13 |