|
196261
|
9.8 |
CRITICAL
Network
|
unctad
|
asycuda_world
|
An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distribut…
|
NVD-CWE-noinfo
|
CVE-2020-9761
|
2024-11-21 14:41 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196262
|
9.8 |
CRITICAL
Network
|
craftcms
|
craft_cms
|
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
|
CWE-74
Injection
|
CVE-2020-9757
|
2024-11-21 14:41 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196263
|
9.1 |
CRITICAL
Network
|
naver
|
cloud_explorer
|
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-9751
|
2024-11-21 14:41 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196264
|
5.4 |
MEDIUM
Network
|
arcadyan
|
vrv9506jac23_firmware
|
Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9419
|
2024-11-21 14:40 |
2022-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196265
|
6.5 |
MEDIUM
Network
|
arcadyan
|
vrv9506jac23_firmware
|
The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative cred…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-9420
|
2024-11-21 14:40 |
2022-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196266
|
6.8 |
MEDIUM
Physics
|
sonos
|
one_firmware
|
Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that host…
|
NVD-CWE-noinfo
|
CVE-2020-9285
|
2024-11-21 14:40 |
2022-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196267
|
7.5 |
HIGH
Network
|
huawei
|
magic_ui
emui
|
There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr.
|
NVD-CWE-Other
|
CVE-2020-9158
|
2024-11-21 14:40 |
2021-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196268
|
9.8 |
CRITICAL
Network
|
apache
qos
|
chainsaw
log4j
reload4j
|
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-9493
|
2024-11-21 14:40 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196269
|
7.8 |
HIGH
Local
|
acronis
|
true_image_2020
|
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate fr…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-9450
|
2024-11-21 14:40 |
2021-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196270
|
7.8 |
HIGH
Local
|
acronis
|
true_image_2020
|
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to anot…
|
CWE-59
Link Following
|
CVE-2020-9452
|
2024-11-21 14:40 |
2021-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
