|
210341
|
9.8 |
CRITICAL
Network
|
private-ip_project
|
private-ip
|
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN rese…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-28360
|
2024-11-21 14:22 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210342
|
7.8 |
HIGH
Local
|
broadcom
|
unified_infrastructure_management
|
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-28421
|
2024-11-21 14:22 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210343
|
6.5 |
MEDIUM
Network
|
hashicorp
|
consul
|
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
|
CWE-863
Incorrect Authorization
|
CVE-2020-28053
|
2024-11-21 14:22 |
2020-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210344
|
7.8 |
HIGH
Local
|
securityonionsolutions
|
security_onion
|
Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-27985
|
2024-11-21 14:22 |
2020-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210345
|
8.8 |
HIGH
Network
|
schneider-electric
|
ecostruxure_control_expert
|
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution…
|
-
|
CVE-2020-28213
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210346
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
ecostruxure_control_expert
|
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized …
|
-
|
CVE-2020-28212
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210347
|
7.8 |
HIGH
Local
|
schneider-electric
|
ecostruxure_control_expert
|
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memor…
|
-
|
CVE-2020-28211
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210348
|
7.0 |
HIGH
Local
|
schneider-electric
|
enterprise_server_installer
|
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any…
|
-
|
CVE-2020-28209
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210349
|
6.1 |
MEDIUM
Network
|
sokrates
|
sowasql
|
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28350
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210350
|
6.1 |
MEDIUM
Network
|
schneider-electric
|
ecostruxure_building_operation
|
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker …
|
-
|
CVE-2020-28210
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
