|
210421
|
4.8 |
MEDIUM
Network
|
octobercms
|
october
|
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11083
|
2024-11-21 13:56 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210422
|
6.1 |
MEDIUM
Network
|
tenda
|
ac15_firmware
|
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10989
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210423
|
9.8 |
CRITICAL
Network
|
tenda
|
ac15_firmware
|
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-10988
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210424
|
9.8 |
CRITICAL
Network
|
tenda
|
ac15_firmware
|
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
|
CWE-78
OS Command
|
CVE-2020-10987
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210425
|
6.5 |
MEDIUM
Network
|
tenda
|
ac15_firmware
|
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacke…
|
CWE-352
Origin Validation Error
|
CVE-2020-10986
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210426
|
7.4 |
HIGH
Network
|
bareos
debian
|
bareos
debian_linux
|
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initi…
|
-
|
CVE-2020-11061
|
2024-11-21 13:56 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210427
|
8.2 |
HIGH
Local
|
linuxfoundation
|
osquery
|
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll…
|
-
|
CVE-2020-11081
|
2024-11-21 13:56 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210428
|
6.5 |
MEDIUM
Local
|
libslirp_project
redhat
canonical
debian
opensuse
|
libslirp
enterprise_linux
openstack
ubuntu_linux
debian_linux
leap
|
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo reques…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-10756
|
2024-11-21 13:56 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210429
|
6.5 |
MEDIUM
Network
|
samba
canonical
opensuse
fedoraproject
|
samba
ubuntu_linux
leap
fedora
|
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.
|
CWE-416
Use After Free
|
CVE-2020-10760
|
2024-11-21 13:56 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210430
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11074
|
2024-11-21 13:56 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
