CVE-2020-24794

Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75.

Source: CVE-2020-24794

CVE-2020-24200

** REJECTED ** SQL injection in Login component in Car Rental Management System v1.0 allows remote attackers to escalate privileges to administrator.

Source: CVE-2020-24200

CVE-2020-1749

A flaw was found in the Linux kernel’s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn’t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Source: CVE-2020-1749

CVE-2020-24198

A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the ‘Brand Name.’

Source: CVE-2020-24198

CVE-2020-24199

Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.

Source: CVE-2020-24199

CVE-2020-24195

An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution.

Source: CVE-2020-24195

CVE-2020-14384

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.

Source: CVE-2020-14384

CVE-2020-24194

A Cross-site scripting (XSS) vulnerability in ‘user-profile.php’ in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the ‘fullname’ parameter.

Source: CVE-2020-24194

CVE-2020-1968

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

Source: CVE-2020-1968

CVE-2020-6311

Banking services from SAP 9.0 (Bank Analyzer), version – 500, and SAP S/4HANA for financial products subledger, version ? 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data.

Source: CVE-2020-6311