|
212511
|
8.1 |
HIGH
Network
|
ory
|
fosite
|
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When u…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-15222
|
2024-11-21 14:05 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212512
|
7.5 |
HIGH
Network
|
trendmicro
|
antivirus\+_2019
internet_security_2019
maximum_security_2019
officescan_cloud
premium_security_2019
|
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another a…
|
CWE-295
CWE-494
Improper Certificate Validation
Download of Code Without Integrity Check
|
CVE-2020-15604
|
2024-11-21 14:05 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212513
|
7.2 |
HIGH
Network
|
brassica
|
soy_cms
|
SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase im…
|
-
|
CVE-2020-15189
|
2024-11-21 14:05 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212514
|
9.8 |
CRITICAL
Network
|
alfresco
|
reset_password
|
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impac…
|
NVD-CWE-Other
|
CVE-2020-15181
|
2024-11-21 14:05 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212515
|
9.8 |
CRITICAL
Network
|
brassica
|
soy_cms
|
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the ser…
|
-
|
CVE-2020-15188
|
2024-11-21 14:05 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212516
|
2.7 |
LOW
Network
|
helm
|
helm
|
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart.…
|
CWE-74
Injection
|
CVE-2020-15184
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212517
|
4.7 |
MEDIUM
Network
|
helm
|
helm
|
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an a…
|
NVD-CWE-Other
|
CVE-2020-15187
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212518
|
2.7 |
LOW
Network
|
helm
|
helm
|
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavio…
|
CWE-74
Injection
|
CVE-2020-15186
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212519
|
2.7 |
LOW
Network
|
helm
|
helm
|
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access t…
|
NVD-CWE-Other
|
CVE-2020-15185
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212520
|
4.8 |
MEDIUM
Network
|
soycms_project
|
soycms
|
SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administr…
|
-
|
CVE-2020-15183
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
