|
211301
|
7.8 |
HIGH
Local
|
drweb
|
security_space
|
Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-23967
|
2024-11-21 14:14 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211302
|
8.8 |
HIGH
Network
|
fork-cms
|
fork_cms
|
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-24036
|
2024-11-21 14:14 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211303
|
6.7 |
MEDIUM
Local
|
tpm2_software_stack_project
fedoraproject
|
tpm2_software_stack
fedora
|
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.…
|
CWE-909
Missing Initialization of Resource
|
CVE-2020-24455
|
2024-11-21 14:14 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211304
|
7.8 |
HIGH
Local
|
yz1
|
yz1
|
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filena…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24175
|
2024-11-21 14:14 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211305
|
5.9 |
MEDIUM
Network
|
tweetstream_project
|
tweetstream
|
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24393
|
2024-11-21 14:14 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211306
|
5.9 |
MEDIUM
Network
|
twitter-stream_project
|
twitter-stream
|
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24392
|
2024-11-21 14:14 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211307
|
4.4 |
MEDIUM
Local
|
intel
|
ethernet_network_adapter_700_firmware
|
Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local acce…
|
CWE-20
Improper Input Validation
|
CVE-2020-24505
|
2024-11-21 14:14 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211308
|
5.5 |
MEDIUM
Local
|
intel
|
ethernet_network_adapter_e810_firmware
|
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local acces…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-24504
|
2024-11-21 14:14 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211309
|
5.5 |
MEDIUM
Local
|
intel
|
ethernet_network_adapter_e810_firmware
|
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.
|
NVD-CWE-noinfo
|
CVE-2020-24503
|
2024-11-21 14:14 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211310
|
5.5 |
MEDIUM
Local
|
intel
|
ethernet_network_adapter_e810_firmware
|
Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable…
|
CWE-20
Improper Input Validation
|
CVE-2020-24502
|
2024-11-21 14:14 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
