CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
Source: CVE-2020-13430
[월:] 2020년 05월
CVE-2020-13429
CVE-2020-13429
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
Source: CVE-2020-13429
CVE-2020-13425
CVE-2020-13425
TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.
Source: CVE-2020-13425
CVE-2020-13424
CVE-2020-13424
The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.
Source: CVE-2020-13424
CVE-2020-13417
CVE-2020-13417
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.
Source: CVE-2020-13417
CVE-2020-13416
CVE-2020-13416
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.
Source: CVE-2020-13416
CVE-2020-13414
CVE-2020-13414
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.
Source: CVE-2020-13414
CVE-2020-13415
CVE-2020-13415
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.
Source: CVE-2020-13415
CVE-2020-13413
CVE-2020-13413
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
Source: CVE-2020-13413
CVE-2020-13412
CVE-2020-13412
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
Source: CVE-2020-13412