|
203831
|
8.8 |
HIGH
Network
|
silverstripe
|
recipe
mimevalidator
|
Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-9309
|
2024-11-21 14:40 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203832
|
6.1 |
MEDIUM
Network
|
apache
|
ofbiz
|
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
|
CWE-79
CWE-502
Cross-site Scripting
Deserialization of Untrusted Data
|
CVE-2020-9496
|
2024-11-21 14:40 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203833
|
9.8 |
CRITICAL
Network
|
netflix
|
titus
|
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2020-9297
|
2024-11-21 14:40 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203834
|
6.5 |
MEDIUM
Adjacent
|
huawei
|
p30_firmware
p30_pro_firmware
|
HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI…
|
NVD-CWE-noinfo
|
CVE-2020-9260
|
2024-11-21 14:40 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203835
|
5.5 |
MEDIUM
Local
|
huawei
|
p30_firmware
|
HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribution in a module is not set correctly and some verification is l…
|
CWE-20
Improper Input Validation
|
CVE-2020-9258
|
2024-11-21 14:40 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203836
|
8.8 |
HIGH
Network
|
dlink
|
dir-610_firmware
|
D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
CWE-78
OS Command
|
CVE-2020-9377
|
2024-11-21 14:40 |
2020-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203837
|
7.5 |
HIGH
Network
|
dlink
|
dir-610_firmware
|
D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the …
|
CWE-74
Injection
|
CVE-2020-9376
|
2024-11-21 14:40 |
2020-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203838
|
8.0 |
HIGH
Adjacent
|
realtek
|
rtl8711af_firmware
rtl8711am_firmware
rtl8195am_firmware
rtl8710af_firmware
|
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handsha…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-9395
|
2024-11-21 14:40 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203839
|
7.8 |
HIGH
Local
|
huawei
|
mate_30_firmware
|
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the …
|
CWE-416
Use After Free
|
CVE-2020-9262
|
2024-11-21 14:40 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203840
|
7.8 |
HIGH
Local
|
huawei
|
mate_30_firmware
|
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of certain variable, the attacker tric…
|
CWE-843
Type Confusion
|
CVE-2020-9261
|
2024-11-21 14:40 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
