|
209451
|
7.5 |
HIGH
Network
|
ansible_collections_project
|
community.crypto
|
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2020-25646
|
2024-11-21 14:18 |
2020-10-30 |
|
209452
|
7.5 |
HIGH
Network
|
commvault
|
commcell
|
In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instea…
|
CWE-22
Path Traversal
|
CVE-2020-25780
|
2024-11-21 14:18 |
2020-10-30 |
|
209453
|
5.4 |
MEDIUM
Network
|
wso2
|
enterprise_integrator
|
WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25516
|
2024-11-21 14:18 |
2020-10-29 |
|
209454
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_firmware
|
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input in Western Digital My Cloud Devices prior to 5.4.1140.
|
CWE-20 CWE-78
Improper Input Validation OS Command
|
CVE-2020-25765
|
2024-11-21 14:18 |
2020-10-28 |
|
209455
|
6.1 |
MEDIUM
Network
|
antsword_project
|
antsword
|
AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25470
|
2024-11-21 14:18 |
2020-10-26 |
|
209456
|
9.8 |
CRITICAL
Network
|
ucms_project
|
ucms
|
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-25483
|
2024-11-21 14:18 |
2020-10-24 |
|
209457
|
9.8 |
CRITICAL
Network
|
crmeb
|
crmeb
|
An SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-25466
|
2024-11-21 14:18 |
2020-10-24 |
|
209458
|
6.5 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-25820
|
2024-11-21 14:18 |
2020-10-21 |
|
209459
|
7.5 |
HIGH
Network
|
mozilla redhat fedoraproject oracle
|
network_security_services enterprise_linux fedora communications_offline_mediation_controller communications_pricing_design_center jd_edwards_enterpriseone_tools
|
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-25648
|
2024-11-21 14:18 |
2020-10-21 |
|
209460
|
7.5 |
HIGH
Network
|
qualcomm
|
qualcomm_mobile_access_point
|
The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() functi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-25858
|
2024-11-21 14:18 |
2020-10-16 |