|
209051
|
9.6 |
CRITICAL
Network
|
linuxfoundation
|
dex
|
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilitie…
|
-
|
CVE-2020-26290
|
2024-11-21 14:19 |
2020-12-29 |
|
|
|
|
209052
|
7.5 |
HIGH
Network
|
date-and-time_project
|
date-and-time
|
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there is a regular expression involved in parsing which can be exploited to cause a denial of s…
|
-
|
CVE-2020-26289
|
2024-11-21 14:19 |
2020-12-29 |
|
|
|
|
209053
|
5.4 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a Ticket.
|
CWE-79
Cross-site Scripting
|
CVE-2020-26035
|
2024-11-21 14:19 |
2020-12-28 |
|
|
|
|
209054
|
4.3 |
MEDIUM
Network
|
zammad
|
zammad
|
An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The …
|
NVD-CWE-noinfo
|
CVE-2020-26034
|
2024-11-21 14:19 |
2020-12-28 |
|
|
|
|
209055
|
5.4 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.
|
CWE-352
Origin Validation Error
|
CVE-2020-26033
|
2024-11-21 14:19 |
2020-12-28 |
|
|
|
|
209056
|
7.5 |
HIGH
Network
|
zammad
|
zammad
|
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can u…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-26032
|
2024-11-21 14:19 |
2020-12-28 |
|
|
|
|
209057
|
4.3 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-26031
|
2024-11-21 14:19 |
2020-12-28 |
|
|
|
|
209058
|
9.8 |
CRITICAL
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticate…
|
CWE-287
Improper Authentication
|
CVE-2020-26030
|
2024-11-21 14:19 |
2020-12-28 |
|
|
|
|
209059
|
6.5 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not …
|
CWE-863
Incorrect Authorization
|
CVE-2020-26029
|
2024-11-21 14:19 |
2020-12-28 |
|
|
|
|
209060
|
4.9 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.
|
CWE-863
Incorrect Authorization
|
CVE-2020-26028
|
2024-11-21 14:19 |
2020-12-28 |
|
|
|