Latest CVE Feed
-
8.1
HIGH CVE-2020-8206
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a user's primary credentials to bypass the Google TOTP.
- Published: Jul. 30, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-8205
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
- Published: Jul. 20, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2020-8204
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
- Published: Jul. 30, 2020
- Modified: Nov. 21, 2024
-
7.4
HIGH CVE-2020-8203
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Affected Products: peoplesoft_enterprise_peopletools jd_edwards_enterpriseone_tools communications_cloud_native_core_policy communications_billing_and_revenue_management banking_virtual_account_management blockchain_platform banking_corporate_lending_process_management banking_credit_facilities_process_management banking_extensibility_workbench banking_supply_chain_finance +8 more products
- Published: Jul. 15, 2020
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2020-8202
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password.
Affected Products: preferred_providers
- Published: Jul. 30, 2020
- Modified: Nov. 21, 2024
-
7.4
HIGH CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude o...
- Published: Sep. 18, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-8200
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
Affected Products: storefront_server
- Published: Sep. 18, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2020-8199
Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root.
Affected Products: gateway_plug-in_for_linux
- Published: Jul. 10, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2020-8198
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
Affected Products: application_delivery_controller_firmware netscaler_gateway_firmware sd-wan_wanop gateway_firmware netscaler_gateway application_delivery_controller gateway 4000-wo 4100-wo 5000-wo +1 more products
- Published: Jul. 10, 2020
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2020-8197
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.
- Published: Jul. 10, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-8194
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
Affected Products: application_delivery_controller_firmware netscaler_gateway_firmware sd-wan_wanop gateway_firmware netscaler_gateway application_delivery_controller gateway 4000-wo 4100-wo 5000-wo +1 more products
- Published: Jul. 10, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-8192
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
Affected Products: fastify
- Published: Jul. 30, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2020-8191
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
Affected Products: application_delivery_controller_firmware netscaler_gateway_firmware sd-wan_wanop gateway_firmware netscaler_gateway application_delivery_controller gateway 4000-wo 4100-wo 5000-wo +1 more products
- Published: Jul. 10, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-8190
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
- Published: Jul. 10, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2020-8189
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
Affected Products: desktop
- Published: Aug. 21, 2020
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2020-8188
We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to t...
Affected Products: unifi_protect_firmware unifi_dream_machine_pro unifi_protect unifi_cloud_key_plus
- Published: Jul. 02, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-8187
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.
- Published: Jul. 10, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-8186
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.
Affected Products: devcert
- Published: Jul. 10, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-8185
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
- Published: Jul. 02, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-8184
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.
- Published: Jun. 19, 2020
- Modified: Nov. 21, 2024