Show filters

Showing topics marked with the following tags:

(1-10 of 47)

Sort by:
Attacker Value
Very High

CVE-2020-9338

Disclosure Date: February 22, 2020 (last updated June 05, 2020)
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
Attack Vector: Network
0
Attacker Value
Low

CVE-2020-9339

Disclosure Date: February 22, 2020 (last updated June 05, 2020)
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
Attack Vector: Network
0
Attacker Value
Low

CVE-2020-14942

Disclosure Date: June 21, 2020 (last updated June 27, 2020)
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
Attack Vector: Network
0
Attacker Value
Low

CVE-2019-11539

Disclosure Date: April 26, 2019 (last updated July 30, 2020)
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
Attack Vector: Network
0
Attacker Value
Low

CVE-2020-15408

Disclosure Date: July 28, 2020 (last updated July 30, 2020)
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
Attack Vector: Network
1
Attacker Value
Moderate

CVE-2020-5252

Disclosure Date: March 23, 2020 (last updated July 24, 2020)
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: You are running Safety in a Python environment that you don’t trust. You are running Safety from the same Python environment where you have your dependencies installed. Dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: Perform a static analysis by installing Docker and running the Safety Docker image: $ docker run --rm -it pyupio/safety check -r requirements.txt Run Safety against a static dependencies list, such as the requirements.txt file, in a separate, clean Python environment. Run Safety from a Continuous Integration pipeline. Use PyUp.io, which runs Safety in a controlled environment and checks Python for dependencies without any need to install them. Use PyUp's Online Requirements Checker.
Attack Vector: Local
0
Attacker Value
High

CVE-2020-3956: VMware Cloud Director Code Injection Vulnerability

Disclosure Date: May 20, 2020 (last updated July 24, 2020)
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
Attack Vector: Network
0
Attacker Value
Low

CVE-2020-9269

Disclosure Date: February 18, 2020 (last updated June 05, 2020)
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
Attack Vector: Network
0
Attacker Value
Moderate

CVE-2018-18629

Disclosure Date: December 20, 2018 (last updated June 05, 2020)
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
Attack Vector: Local
0
Attacker Value
Very High

CVE-2019-19351

Disclosure Date: March 18, 2020 (last updated July 24, 2020)
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.
Attack Vector: Local
0