Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-05 | CVE-2020-15950 | Insufficient Session Expiration vulnerability in Immuta 2.8.2 Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. | 6.8 |
| 2020-11-05 | CVE-2020-15949 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Immuta 2.8.2 Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. | 5.0 |
| 2020-11-05 | CVE-2020-7763 | Information Exposure vulnerability in Jsreport Phantom-Html-To-Pdf This affects the package phantom-html-to-pdf before 0.6.1. | 5.0 |
| 2020-11-05 | CVE-2020-7762 | Information Exposure vulnerability in Jsreport Jsreport-Chrome-Pdf This affects the package jsreport-chrome-pdf before 1.10.0. | 4.0 |
| 2020-11-05 | CVE-2020-7761 | Unspecified vulnerability in Absolunet Kafe This affects the package @absolunet/kafe before 3.2.10. | 5.0 |
| 2020-11-05 | CVE-2020-27387 | Unrestricted Upload of File with Dangerous Type vulnerability in Horizontcms Project Horizontcms 1.0.0 An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. | 8.8 |
| 2020-11-04 | CVE-2020-25201 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. | 7.5 |
| 2020-11-04 | CVE-2020-26207 | Deserialization of Untrusted Data vulnerability in Databaseschemareader Project Dbschemareader DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. | 6.8 |
| 2020-11-04 | CVE-2020-27692 | Cross-Site Request Forgery (CSRF) vulnerability in Imomobile Verve Connect Vh510 Firmware The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. | 6.8 |
| 2020-11-04 | CVE-2020-27691 | Cross-site Scripting vulnerability in Imomobile Verve Connect Vh510 Firmware The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. | 4.3 |