Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-05 | CVE-2020-25399 | Insufficiently Protected Credentials vulnerability in Mind Imind Server 3.13.65 Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. | 6.8 |
| 2020-11-05 | CVE-2020-25398 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mind Imind Server 3.13.65 CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. | 6.8 |
| 2020-11-05 | CVE-2020-28115 | SQL Injection vulnerability in Web-Audimex Audimexee SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. | 6.5 |
| 2020-11-05 | CVE-2020-28047 | Cross-site Scripting vulnerability in Web-Audimex Audimexee AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). | 3.5 |
| 2020-11-05 | CVE-2020-27955 | Uncontrolled Search Path Element vulnerability in GIT Large File Storage Project GIT Large File Storage 2.12.0 Git LFS 2.12.0 allows Remote Code Execution. | 10.0 |
| 2020-11-05 | CVE-2020-27688 | Insufficiently Protected Credentials vulnerability in Robware Rvtools 4.0.6 RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. | 5.0 |
| 2020-11-05 | CVE-2020-27402 | Unspecified vulnerability in Hindotech HK1 BOX S905X3 Firmware Hk1X3S905X34Bitv1120191105 The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. | 7.2 |
| 2020-11-05 | CVE-2020-24849 | Improper Encoding or Escaping of Output vulnerability in Fruitywifi Project Fruitywifi A remote code execution vulnerability is identified in FruityWifi through 2.4. | 6.5 |
| 2020-11-05 | CVE-2020-15952 | Cross-site Scripting vulnerability in Immuta 2.8.2 Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. | 6.0 |
| 2020-11-05 | CVE-2020-15951 | Injection vulnerability in Immuta 2.8.2 Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. | 4.3 |