CWE:
 

Sorry. No results for Bugtraq WLB2


CVEMAP Search Results

CVE
Details
Description
2021-02-25
Medium
CVE-2020-27543

Vendor: Restify-paginate project
Software: Restify-paginate
 

 
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.

 
2021-02-23
Medium
CVE-2020-25161

Vendor: Advantech
Software: Webaccess/scada
 

 
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.

 
2021-02-05
Medium
CVE-2021-26711

Vendor: Redwood
Software: Report2web
 

 
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.

 
2020-09-17
High
CVE-2020-0267

Vendor: Google
Software: Android
 

 
In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-139128211

 
Low
CVE-2020-0337

Vendor: Google
Software: Android
 

 
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124329382

 
Low
CVE-2020-0338

Vendor: Google
Software: Android
 

 
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-123700107

 
Medium
CVE-2020-0345

Vendor: Google
Software: Android
 

 
In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-144286721

 
2020-09-01
Waiting for details
CVE-2018-12475

Updating...
 

 
An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP requests against internal networks and potentially download data that is exposed there. This issue affects: openSUSE Open Build Service.

 
2020-08-07
Low
CVE-2020-5412

Vendor: Vmware
Software: Spring cloud...
 

 
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.

 
2020-07-29
Medium
CVE-2020-8553

Vendor: Kubernetes
Software: Ingress-nginx
 

 
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.

 

 


Copyright 2021, cxsecurity.com

 
