|
209281
|
6.1 |
MEDIUM
Network
|
icewarp
|
webclient
|
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25925
|
2024-11-21 14:18 |
2021-07-7 |
|
209282
|
7.5 |
HIGH
Network
|
pexip
|
pexip_infinity
|
Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).
|
CWE-20
Improper Input Validation
|
CVE-2020-25868
|
2024-11-21 14:18 |
2021-07-7 |
|
209283
|
8.8 |
HIGH
Network
|
enphase
|
envoy_firmware
|
An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary comma…
|
CWE-78
OS Command
|
CVE-2020-25755
|
2024-11-21 14:18 |
2021-06-17 |
|
209284
|
7.5 |
HIGH
Network
|
enphase
|
envoy_firmware
|
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password deri…
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2020-25754
|
2024-11-21 14:18 |
2021-06-17 |
|
209285
|
9.8 |
CRITICAL
Network
|
enphase
|
envoy_firmware
|
An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an …
|
NVD-CWE-noinfo
|
CVE-2020-25753
|
2024-11-21 14:18 |
2021-06-17 |
|
209286
|
5.3 |
MEDIUM
Network
|
enphase
|
envoy_firmware
|
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded va…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25752
|
2024-11-21 14:18 |
2021-06-17 |
|
209287
|
5.5 |
MEDIUM
Local
|
long_range_zip_project debian
|
long_range_zip debian_linux
|
A null pointer dereference was discovered in lzo_decompress_buf in stream.c in lrzip 0.621, which allows an attacker to cause a denial of service (DoS) via a crafted compressed file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-25467
|
2024-11-21 14:18 |
2021-06-11 |
|
209288
|
4.8 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When …
|
CWE-611
XXE
|
CVE-2020-25817
|
2024-11-21 14:18 |
2021-06-9 |
|
209289
|
8.1 |
HIGH
Network
|
redhat
|
cloudforms
|
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted onl…
|
NVD-CWE-Other
|
CVE-2020-25716
|
2024-11-21 14:18 |
2021-06-8 |
|
209290
|
6.1 |
MEDIUM
Network
|
dogtagpki
|
dogtagpki
|
A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get auto…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25715
|
2024-11-21 14:18 |
2021-05-28 |
|