|
199061
|
6.8 |
MEDIUM
Physics
|
freebsd
|
freebsd
|
In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB n…
|
CWE-20
Improper Input Validation
|
CVE-2020-7459
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199062
|
8.8 |
HIGH
Network
|
easycorp
|
zentao_pro
|
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct …
|
CWE-78
OS Command
|
CVE-2020-7361
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199063
|
9.9 |
CRITICAL
Network
|
cayintech
|
cms-se_firmware
cms-se-lxc_firmware
cms-60_firmware
cms-40_firmware
cms-20_firmware
cms
|
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user …
|
CWE-78
OS Command
|
CVE-2020-7357
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199064
|
9.8 |
CRITICAL
Network
|
cayintech
|
xpost
|
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being ret…
|
CWE-89
SQL Injection
|
CVE-2020-7356
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199065
|
8.4 |
HIGH
Local
|
mcafee
|
total_protection
|
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
|
NVD-CWE-noinfo
|
CVE-2020-7298
|
2024-11-21 14:37 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199066
|
8.8 |
HIGH
Local
|
gog
|
galaxy
|
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with thi…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-7352
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199067
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7823
|
2024-11-21 14:37 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199068
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7822
|
2024-11-21 14:37 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199069
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7829
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199070
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7828
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
