|
209841
|
7.5 |
HIGH
Network
|
combodo
|
itop
|
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
|
CWE-200
Information Exposure
|
CVE-2020-12777
|
2024-11-21 14:00 |
2020-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209842
|
9.8 |
CRITICAL
Network
|
aerospike
|
aerospike_server
|
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code exe…
|
CWE-78
OS Command
|
CVE-2020-13151
|
2024-11-21 14:00 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209843
|
5.3 |
MEDIUM
Network
|
fanuc
|
series_30i_firmware
series_31i_firmware
series_32i-b_plus_firmware
series_35i-b_firmware
power_motion_i-model_a_firmware
series_0i-model_f_plus_firmware
series_0i-model_f_firmware
A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-12739
|
2024-11-21 14:00 |
2020-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
209844
|
7.5 |
HIGH
Network
|
cherokee-project
|
cherokee
|
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resour…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-12845
|
2024-11-21 14:00 |
2020-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209845
|
5.5 |
MEDIUM
Local
|
pulsesecure
ivanti
|
pulse_connect_secure
connect_secure
pulse_policy_secure
policy_secure
|
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping in…
|
NVD-CWE-noinfo
|
CVE-2020-12880
|
2024-11-21 14:00 |
2020-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209846
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortios
|
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second fact…
|
CWE-287
CWE-178
Improper Authentication
Improper Handling of Case Sensitivity
|
CVE-2020-12812
|
2024-11-21 14:00 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209847
|
6.7 |
MEDIUM
Local
|
dlink
|
dsl-7740c_firmware
|
D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.
|
CWE-78
OS Command
|
CVE-2020-12774
|
2024-11-21 14:00 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209848
|
8.8 |
HIGH
Network
|
seczetta
|
neprofile
|
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of t…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-12854
|
2024-11-21 14:00 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209849
|
9.8 |
CRITICAL
Network
|
inetsoftware
|
i-net_clear_reports
|
XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a we…
|
CWE-611
XXE
|
CVE-2020-12684
|
2024-11-21 14:00 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209850
|
4.6 |
MEDIUM
Physics
|
yubico
|
libykpiv
piv_tool_manager
yubikey_smart_card_minidriver
|
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. Thi…
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2020-13132
|
2024-11-21 14:00 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
