CVE-2018-6449
Host Header Injection vulnerability in the HTTP management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers.
Source: CVE-2018-6449
CVE-2020-13995
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer.
Source: CVE-2020-13995
CVE-2020-7735
The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option.
Source: CVE-2020-7735
CVE-2020-15394
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
Source: CVE-2020-15394
CVE-2020-15521
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS).
Source: CVE-2020-15521
CVE-2020-26104
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
Source: CVE-2020-26104
CVE-2020-26103
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).
Source: CVE-2020-26103
CVE-2020-26111
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
Source: CVE-2020-26111
CVE-2020-26105
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).
Source: CVE-2020-26105
CVE-2020-26112
The email quota cache in cPanel before 90.0.10 allows overwriting of files.
Source: CVE-2020-26112