|
210121
|
7.8 |
HIGH
Local
|
safervpn
|
safervpn
|
SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-201…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-26050
|
2024-11-21 14:19 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210122
|
5.4 |
MEDIUM
Network
|
redcarpet_project
debian
|
redcarpet
debian_linux
|
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTM…
|
-
|
CVE-2020-26298
|
2024-11-21 14:19 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210123
|
8.8 |
HIGH
Network
|
smartbear
|
collaborator
|
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-26118
|
2024-11-21 14:19 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210124
|
6.8 |
MEDIUM
Physics
|
dell
|
inspiron_5675_firmware
|
Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwritin…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-26186
|
2024-11-21 14:19 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210125
|
4.3 |
MEDIUM
Network
|
totalonlinesolutions
|
advanced_webhost_billing_system
|
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that can delete a contact from the My Additional Contact page.
|
CWE-352
Origin Validation Error
|
CVE-2020-25950
|
2024-11-21 14:19 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210126
|
9.9 |
CRITICAL
Network
|
cisco
|
jabber
|
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) w…
|
CWE-78
OS Command
|
CVE-2020-26085
|
2024-11-21 14:19 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210127
|
6.7 |
MEDIUM
Local
|
dell
|
emc_unity_operating_environment
emc_unity_vsa_operating_environment
emc_unity_xt_operating_environment
|
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-26199
|
2024-11-21 14:19 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210128
|
7.8 |
HIGH
Local
|
dell
|
emc_powerscale_onefs
emc_isilon_onefs
|
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connec…
|
NVD-CWE-noinfo
|
CVE-2020-26181
|
2024-11-21 14:19 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210129
|
5.4 |
MEDIUM
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26046
|
2024-11-21 14:19 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210130
|
9.8 |
CRITICAL
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit …
|
CWE-89
SQL Injection
|
CVE-2020-26045
|
2024-11-21 14:19 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
