|
209341
|
5.9 |
MEDIUM
Network
|
cryptography.io
oracle
|
cryptography
communications_cloud_native_core_network_function_cloud_native_environment
|
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
|
NVD-CWE-Other
|
CVE-2020-25659
|
2024-11-21 14:18 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209342
|
4.4 |
MEDIUM
Local
|
redhat
fedoraproject
|
ceph_storage
ceph
fedora
|
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visibl…
|
-
|
CVE-2020-25678
|
2024-11-21 14:18 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209343
|
5.4 |
MEDIUM
Network
|
redhat
|
jboss_core_services_httpd
|
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostna…
|
-
|
CVE-2020-25680
|
2024-11-21 14:18 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209344
|
6.1 |
MEDIUM
Network
|
liferay
|
liferay_portal
|
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25476
|
2024-11-21 14:18 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209345
|
4.8 |
MEDIUM
Network
|
beetel
|
777vr1_firmware
|
Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25498
|
2024-11-21 14:18 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209346
|
5.4 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be …
|
CWE-79
Cross-site Scripting
|
CVE-2020-25799
|
2024-11-21 14:18 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209347
|
5.4 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25797
|
2024-11-21 14:18 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209348
|
7.5 |
HIGH
Network
|
hgiga
|
msr45_isherlock-user
ssr45_isherlock-user
|
The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.
|
NVD-CWE-noinfo
|
CVE-2020-25850
|
2024-11-21 14:18 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209349
|
9.8 |
CRITICAL
Network
|
hgiga
|
ssr45_isherlock-useradmin
ssr45_isherlock-user
ssr45_isherlock-base
ssr45_isherlock-audit
ssr45_isherlock-antispam
msr45_isherlock-antispam
msr45_isherlock-audit
msr45_isherlock-…
|
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.
|
CWE-287
Improper Authentication
|
CVE-2020-25848
|
2024-11-21 14:18 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209350
|
7.4 |
HIGH
Network
|
panorama_project
|
nhiservisignadapter
|
The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user…
|
CWE-601
Open Redirect
|
CVE-2020-25846
|
2024-11-21 14:18 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
