CVE-2020-24794
Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75.
Source: CVE-2020-24794
CVE-2020-24200
** REJECTED ** SQL injection in Login component in Car Rental Management System v1.0 allows remote attackers to escalate privileges to administrator.
Source: CVE-2020-24200
CVE-2020-1749
A flaw was found in the Linux kernel’s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel does not correctly route tunneled data over the encrypted link and instead sends the data unencrypted. This would allow anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Source: CVE-2020-1749
CVE-2020-24198
A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the ‘Brand Name.’
Source: CVE-2020-24198
CVE-2020-24199
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.
Source: CVE-2020-24199
CVE-2020-24195
An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution.
Source: CVE-2020-24195
CVE-2020-14384
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.
Source: CVE-2020-14384
CVE-2020-24194
A Cross-site scripting (XSS) vulnerability in ‘user-profile.php’ in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the ‘fullname’ parameter.
Source: CVE-2020-24194
CVE-2020-1968
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
Source: CVE-2020-1968
CVE-2020-6311
Banking services from SAP 9.0 (Bank Analyzer), version – 500, and SAP S/4HANA for financial products subledger, version – 100, do not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, which may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data.
Source: CVE-2020-6311