CVE-2020-16048 (angle)
Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page. Devamını Oku
Devamını oku
CVE-2020-16048
Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page. Devamını Oku
CVE-2020-15955
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker. Devamını Oku
CVE-2020-15948 (chat)
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. Devamını Oku
CVE-2020-15948
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. Devamını Oku
CVE-2020-15942
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile. Devamını Oku
CVE-2020-15941
A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages. Devamını Oku
CVE-2020-15940 (forticlient_enterprise_management_server)
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server. Devamını Oku
CVE-2020-15940
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server. Devamını Oku
CVE-2020-15939 (fortisandbox)
An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. Devamını Oku
CVE-2020-15939
An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. Devamını Oku
CVE-2020-15936
A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database