|
209541
|
4.3 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
|
CWE-863
Incorrect Authorization
|
CVE-2020-29454
|
2024-11-21 14:24 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209542
|
6.1 |
MEDIUM
Network
|
papermerge
|
papermerge
|
Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29456
|
2024-11-21 14:24 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209543
|
6.5 |
MEDIUM
Network
|
outsystems
|
outsystems
|
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29441
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209544
|
4.6 |
MEDIUM
Physics
|
tesla
|
model_x_firmware
|
Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a veh…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-29440
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209545
|
4.6 |
MEDIUM
Physics
|
tesla
|
model_x_firmware
|
Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN…
|
NVD-CWE-noinfo
|
CVE-2020-29439
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209546
|
6.5 |
MEDIUM
Adjacent
|
tesla
|
model_x_firmware
|
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a se…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-29438
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209547
|
3.3 |
LOW
Local
|
paloaltonetworks
|
pan-os
|
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-2048
|
2024-11-21 14:24 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209548
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitra…
|
CWE-78
OS Command
|
CVE-2020-2000
|
2024-11-21 14:24 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209549
|
8.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an inva…
|
CWE-287
Improper Authentication
|
CVE-2020-2050
|
2024-11-21 14:24 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209550
|
7.5 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panor…
|
CWE-269
Improper Privilege Management
|
CVE-2020-2022
|
2024-11-21 14:24 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
