|
209961
|
9.8 |
CRITICAL
Network
|
arubanetworks
|
airwave_glass
|
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation …
|
NVD-CWE-noinfo
|
CVE-2020-24640
|
2024-11-21 14:15 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209962
|
9.8 |
CRITICAL
Network
|
arubanetworks
|
airwave_glass
|
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation ca…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-24639
|
2024-11-21 14:15 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209963
|
7.2 |
HIGH
Network
|
arubanetworks
|
airwave_glass
|
Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root…
|
NVD-CWE-noinfo
|
CVE-2020-24638
|
2024-11-21 14:15 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209964
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
|
CWE-79
Cross-site Scripting
|
CVE-2020-24701
|
2024-11-21 14:15 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209965
|
5.4 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24700
|
2024-11-21 14:15 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209966
|
7.5 |
HIGH
Network
|
dlink
|
dsl-2888a_firmware
|
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-24577
|
2024-11-21 14:15 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209967
|
7.8 |
HIGH
Local
|
arm
|
arm_compiler
|
Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes …
|
CWE-787
CWE-770
Out-of-bounds Write
Allocation of Resources Without Limits or Throttling
|
CVE-2020-24658
|
2024-11-21 14:15 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209968
|
9.8 |
CRITICAL
Network
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not a…
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2020-24683
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209969
|
7.0 |
HIGH
Local
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-24680
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209970
|
9.8 |
CRITICAL
Network
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the serv…
|
CWE-20
Improper Input Validation
|
CVE-2020-24679
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
