|
197511
|
5.3 |
MEDIUM
Network
|
google
|
tink
|
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a secon…
|
NVD-CWE-Other
|
CVE-2020-8929
|
2024-11-21 14:39 |
2020-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197512
|
5.4 |
MEDIUM
Network
|
webmin
|
webmin
|
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visitin…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8821
|
2024-11-21 14:39 |
2020-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197513
|
5.4 |
MEDIUM
Network
|
webmin
|
webmin
|
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8820
|
2024-11-21 14:39 |
2020-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197514
|
5.5 |
MEDIUM
Local
|
huawei
|
taurus-al00a_firmware
|
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due t…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-9087
|
2024-11-21 14:39 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197515
|
8.1 |
HIGH
Adjacent
|
johnsoncontrols
tyco
|
victor_web_client
c-cure_web_client
|
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-9048
|
2024-11-21 14:39 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197516
|
9.8 |
CRITICAL
Network
|
sierrawireless
|
aleos
|
Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
|
NVD-CWE-noinfo
|
CVE-2020-8782
|
2024-11-21 14:39 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197517
|
7.8 |
HIGH
Local
|
sierrawireless
|
aleos
|
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
|
NVD-CWE-noinfo
|
CVE-2020-8781
|
2024-11-21 14:39 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197518
|
5.5 |
MEDIUM
Local
|
intel
|
bios
|
Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series may allow an authenticated user to potentially ena…
|
NVD-CWE-noinfo
|
CVE-2020-8671
|
2024-11-21 14:39 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197519
|
7.5 |
HIGH
Network
|
telestream
|
sentry
medius
|
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=l…
|
CWE-89
SQL Injection
|
CVE-2020-8887
|
2024-11-21 14:39 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197520
|
6.5 |
MEDIUM
Local
|
huawei
|
taurus-an00b_firmware
|
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. S…
|
CWE-416
Use After Free
|
CVE-2020-9084
|
2024-11-21 14:39 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
