|
211741
|
9.6 |
CRITICAL
Network
|
leostream
|
connection_broker
|
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins …
|
CWE-79
Cross-site Scripting
|
CVE-2020-26574
|
2024-11-21 14:20 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211742
|
5.5 |
MEDIUM
Local
|
opensc_project
fedoraproject
debian
|
opensc
fedora
debian_linux
|
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26572
|
2024-11-21 14:20 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211743
|
5.5 |
MEDIUM
Local
|
opensc_project
debian
fedoraproject
|
opensc
debian_linux
fedora
|
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26571
|
2024-11-21 14:20 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211744
|
5.5 |
MEDIUM
Local
|
opensc_project
fedoraproject
debian
|
opensc
fedora
debian_linux
|
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26570
|
2024-11-21 14:20 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211745
|
9.8 |
CRITICAL
Network
|
damstratechnology
|
smart_asset
|
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding wi…
|
CWE-346
Origin Validation Error
|
CVE-2020-26527
|
2024-11-21 14:20 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211746
|
5.3 |
MEDIUM
Network
|
damstratechnology
|
smart_asset
|
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid th…
|
NVD-CWE-noinfo
|
CVE-2020-26526
|
2024-11-21 14:20 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211747
|
9.1 |
CRITICAL
Network
|
damstratechnology
|
smart_asset
|
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers.
|
CWE-89
SQL Injection
|
CVE-2020-26525
|
2024-11-21 14:20 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211748
|
6.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
|
NVD-CWE-Other
|
CVE-2020-26541
|
2024-11-21 14:20 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211749
|
7.5 |
HIGH
Network
|
foxitsoftware
|
foxit_reader
phantompdf
|
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) c…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-26540
|
2024-11-21 14:20 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211750
|
9.8 |
CRITICAL
Network
|
foxitsoftware
|
foxit_reader
phantompdf
|
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur …
|
CWE-416
Use After Free
|
CVE-2020-26539
|
2024-11-21 14:20 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
