|
209221
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
|
CWE-89
SQL Injection
|
CVE-2020-27733
|
2024-11-21 14:21 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209222
|
5.5 |
MEDIUM
Local
|
totolink
|
a702r_firmware
|
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-27368
|
2024-11-21 14:21 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209223
|
9.8 |
CRITICAL
Network
|
loxone
|
miniserver_gen_1_firmware
|
Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices (or atta…
|
CWE-287
Improper Authentication
|
CVE-2020-27488
|
2024-11-21 14:21 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209224
|
9.8 |
CRITICAL
Network
|
r-project
|
cran
|
The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD…
|
CWE-22
Path Traversal
|
CVE-2020-27637
|
2024-11-21 14:21 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209225
|
7.8 |
HIGH
Local
|
deltaww
|
cncsoft-b
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.
|
CWE-843
Type Confusion
|
CVE-2020-27293
|
2024-11-21 14:21 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209226
|
7.8 |
HIGH
Local
|
deltaww
|
cncsoft-b
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-27291
|
2024-11-21 14:21 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209227
|
7.8 |
HIGH
Local
|
deltaww
|
cncsoft-b
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-27289
|
2024-11-21 14:21 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209228
|
4.4 |
MEDIUM
Local
|
linux
|
infiniband_hfi1_driver
|
A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash…
|
-
|
CVE-2020-27835
|
2024-11-21 14:21 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209229
|
5.5 |
MEDIUM
Local
|
uclouvain
fedoraproject
debian
oracle
|
openjpeg
fedora
debian_linux
outside_in_technology
|
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an o…
|
-
|
CVE-2020-27845
|
2024-11-21 14:21 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209230
|
7.8 |
HIGH
Local
|
uclouvain
debian
oracle
|
openjpeg
debian_linux
outside_in_technology
|
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bou…
|
-
|
CVE-2020-27844
|
2024-11-21 14:21 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
