|
196711
|
7.8 |
HIGH
Local
|
apple
|
ipados
iphone_os
tvos
watchos
|
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code wit…
|
CWE-416
Use After Free
|
CVE-2020-9768
|
2024-11-21 14:41 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196712
|
9.8 |
CRITICAL
Network
|
weechat
debian
|
weechat
debian_linux
|
An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-9760
|
2024-11-21 14:41 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196713
|
7.8 |
HIGH
Local
|
lg
|
webos
|
A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker cou…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-9759
|
2024-11-21 14:41 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196714
|
9.8 |
CRITICAL
Network
|
naver
|
cloud_explorer
|
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2020-9752
|
2024-11-21 14:41 |
2020-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196715
|
9.6 |
CRITICAL
Network
|
livezilla
|
livezilla
|
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the hel…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9758
|
2024-11-21 14:41 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196716
|
7.8 |
HIGH
Local
|
patriotmemory
|
viper_rgb_firmware
|
Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 byte…
|
NVD-CWE-noinfo
|
CVE-2020-9756
|
2024-11-21 14:41 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196717
|
9.8 |
CRITICAL
Network
|
unctad
|
asycuda_world
|
An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distribut…
|
NVD-CWE-noinfo
|
CVE-2020-9761
|
2024-11-21 14:41 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196718
|
9.8 |
CRITICAL
Network
|
craftcms
|
craft_cms
|
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
|
CWE-74
Injection
|
CVE-2020-9757
|
2024-11-21 14:41 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196719
|
9.1 |
CRITICAL
Network
|
naver
|
cloud_explorer
|
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-9751
|
2024-11-21 14:41 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196720
|
5.4 |
MEDIUM
Network
|
arcadyan
|
vrv9506jac23_firmware
|
Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9419
|
2024-11-21 14:40 |
2022-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
