|
211501
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortios
|
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second fact…
|
CWE-287
CWE-178
Improper Authentication
Improper Handling of Case Sensitivity
|
CVE-2020-12812
|
2024-11-21 14:00 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211502
|
6.7 |
MEDIUM
Local
|
dlink
|
dsl-7740c_firmware
|
D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.
|
CWE-78
OS Command
|
CVE-2020-12774
|
2024-11-21 14:00 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211503
|
8.8 |
HIGH
Network
|
seczetta
|
neprofile
|
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of t…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-12854
|
2024-11-21 14:00 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211504
|
9.8 |
CRITICAL
Network
|
inetsoftware
|
i-net_clear_reports
|
XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a we…
|
CWE-611
XXE
|
CVE-2020-12684
|
2024-11-21 14:00 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211505
|
4.6 |
MEDIUM
Physics
|
yubico
|
libykpiv
piv_tool_manager
yubikey_smart_card_minidriver
|
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. Thi…
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2020-13132
|
2024-11-21 14:00 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211506
|
4.3 |
MEDIUM
Physics
|
yubico
|
libykpiv
piv_tool_manager
yubikey_smart_card_minidriver
|
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13131
|
2024-11-21 14:00 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211507
|
9.8 |
CRITICAL
Network
|
protocol
|
gossipsub
|
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
|
NVD-CWE-noinfo
|
CVE-2020-12821
|
2024-11-21 14:00 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211508
|
7.2 |
HIGH
Network
|
code42
|
code42
|
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the…
|
CWE-74
Injection
|
CVE-2020-12736
|
2024-11-21 14:00 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211509
|
8.8 |
HIGH
Network
|
obdev
|
little_snitch
|
Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code execut…
|
CWE-59
Link Following
|
CVE-2020-13095
|
2024-11-21 14:00 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211510
|
7.3 |
HIGH
Local
|
boolebox
|
boolebox
|
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-13247
|
2024-11-21 14:00 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
