| 209441 | 8.8 | HIGH Network | cmsuno_project | cmsuno | An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the contro… | CWE-94 Code Injection | CVE-2020-25538 | 2024-11-21 14:18 | 2020-11-14 |
| 209442 | 6.1 | MEDIUM Network | cacti debian | cacti debian_linux | A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field | - | CVE-2020-25706 | 2024-11-21 14:18 | 2020-11-12 |
| 209443 | 5.9 | MEDIUM Network | python-rsa_project redhat fedoraproject | python-rsa openstack_platform fedora | It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. | - | CVE-2020-25658 | 2024-11-21 14:18 | 2020-11-12 |
| 209444 | 6.5 | MEDIUM Network | redhat | advanced_cluster_management_for_kubernetes | An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a sho… | CWE-863 Incorrect Authorization | CVE-2020-25655 | 2024-11-21 14:18 | 2020-11-10 |
| 209445 | 9.8 | CRITICAL Network | saltstack debian | salt debian_linux | In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. | CWE-287 Improper Authentication | CVE-2020-25592 | 2024-11-21 14:18 | 2020-11-6 |
| 209446 | 7.5 | HIGH Network | microfocus | self_service_password_reset | Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain con… | NVD-CWE-noinfo | CVE-2020-25837 | 2024-11-21 14:18 | 2020-11-6 |
| 209447 | 6.5 | MEDIUM Adjacent | redhat | enterprise_linux | A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. Thi… | - | CVE-2020-25662 | 2024-11-21 14:18 | 2020-11-6 |
| 209448 | 8.8 | HIGH Adjacent | redhat | enterprise_linux | A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent … | - | CVE-2020-25661 | 2024-11-21 14:18 | 2020-11-6 |
| 209449 | 6.5 | MEDIUM Network | redhat netapp | wildfly jboss_enterprise_application_platform single_sign-on jboss_fuse jboss_data_grid openshift_application_runtimes fuse oncommand_insight service_level_manager active_i… | A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able… | - | CVE-2020-25689 | 2024-11-21 14:18 | 2020-11-3 |
| 209450 | 8.8 | HIGH Network | openfind | mailgates mailaudit | MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. | CWE-78 OS Command | CVE-2020-25849 | 2024-11-21 14:18 | 2020-11-2 |