|
199671
|
5.8 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-28915
|
2024-11-21 14:23 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199672
|
7.1 |
HIGH
Local
|
katacontainers
|
kata-containers
|
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the f…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-28914
|
2024-11-21 14:23 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199673
|
8.8 |
HIGH
Network
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql_project
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql
|
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28688
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199674
|
8.8 |
HIGH
Network
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql_project
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql
|
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28687
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199675
|
5.4 |
MEDIUM
Network
|
progress
|
moveit_transfer
|
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-28647
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199676
|
8.8 |
HIGH
Network
|
horizontcms_project
|
horizontcms
|
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28693
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199677
|
7.2 |
HIGH
Network
|
gilacms
|
gila_cms
|
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28692
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199678
|
7.5 |
HIGH
Network
|
cloudavid
|
pparam
|
Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-28723
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199679
|
6.8 |
MEDIUM
Physics
|
vw
|
polo_firmware
|
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a me…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2020-28656
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199680
|
5.4 |
MEDIUM
Network
|
wpbakery
|
page_builder
|
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28650
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
