|
211431
|
3.3 |
LOW
Local
|
zephyrproject
|
zephyr
|
Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephy…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13599
|
2024-11-21 14:01 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211432
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https:/…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-13598
|
2024-11-21 14:01 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211433
|
5.3 |
MEDIUM
Network
|
drupal
|
drupal
|
Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switch…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13667
|
2024-11-21 14:01 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211434
|
6.1 |
MEDIUM
Adjacent
|
systemd_project
fedoraproject
netapp
|
systemd
fedora
cloud_backup
active_iq_unified_manager
|
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing att…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-13529
|
2024-11-21 14:01 |
2021-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211435
|
9.8 |
CRITICAL
Network
|
drupal
|
drupal
|
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issu…
|
NVD-CWE-noinfo
|
CVE-2020-13665
|
2024-11-21 14:01 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211436
|
6.1 |
MEDIUM
Network
|
drupal
|
drupal
|
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal…
|
CWE-601
Open Redirect
|
CVE-2020-13662
|
2024-11-21 14:01 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211437
|
8.8 |
HIGH
Network
|
drupal
|
drupal
|
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefull…
|
CWE-77
Command Injection
|
CVE-2020-13664
|
2024-11-21 14:01 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211438
|
6.1 |
MEDIUM
Network
|
drupal
|
drupal
|
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13666
|
2024-11-21 14:01 |
2021-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211439
|
8.8 |
HIGH
Network
|
open-emr
phpgacl_project
|
openemr
phpgacl
|
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_gro…
|
CWE-89
SQL Injection
|
CVE-2020-13568
|
2024-11-21 14:01 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211440
|
8.8 |
HIGH
Network
|
open-emr
phpgacl_project
|
openemr
phpgacl
|
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_gr…
|
CWE-89
SQL Injection
|
CVE-2020-13566
|
2024-11-21 14:01 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
