CVE-2020-5402
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
Source: CVE-2020-5402
[월:] 2020년 02월
CVE-2020-7041
CVE-2020-7041
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
Source: CVE-2020-7041
CVE-2015-2992
CVE-2015-2992
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
Source: CVE-2015-2992
CVE-2020-7043
CVE-2020-7043
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider ‘{$content}’ characters, as demonstrated by a good.example.comx00evil.example.com attack.
Source: CVE-2020-7043
CVE-2020-7042
CVE-2020-7042
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
Source: CVE-2020-7042
CVE-2017-16900
CVE-2017-16900
Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user’s information which is unauthorized via brute force.
Source: CVE-2017-16900
CVE-2019-5323
CVE-2019-5323
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.
Source: CVE-2019-5323
CVE-2020-6863
CVE-2020-6863
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL.
Source: CVE-2020-6863
CVE-2019-5326
CVE-2019-5326
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.
Source: CVE-2019-5326
CVE-2020-6864
CVE-2020-6864
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.
Source: CVE-2020-6864