|
197221
|
6.4 |
MEDIUM
Local
|
lenovo
|
bladecenter_hs23_firmware
bladecenter_hs23e_firmware
compute_node-x440_firmware
flex_system_x220_firmware
flex_system_x240_firmware
flex_system_x440_firmware
nextscale_nx360_m4_firm…
|
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-8332
|
2024-11-21 14:38 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197222
|
4.3 |
MEDIUM
Network
|
nextcloud
|
deck
|
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-8235
|
2024-11-21 14:38 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197223
|
5.3 |
MEDIUM
Network
|
nextcloud
opensuse
|
preferred_providers
leap
backports_sle
|
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-8228
|
2024-11-21 14:38 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197224
|
6.5 |
MEDIUM
Network
|
nextcloud
fedoraproject
|
nextcloud_server
fedora
|
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.
|
CWE-269
Improper Privilege Management
|
CVE-2020-8223
|
2024-11-21 14:38 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197225
|
8.0 |
HIGH
Network
|
nextcloud
|
deck
|
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-8182
|
2024-11-21 14:38 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197226
|
7.5 |
HIGH
Network
|
bitdefender
|
engines
|
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized me…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-8110
|
2024-11-21 14:38 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197227
|
7.5 |
HIGH
Network
|
bitdefender
|
engines
|
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-8109
|
2024-11-21 14:38 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197228
|
4.9 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
connect_secure
|
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Enti…
|
CWE-611
XXE
|
CVE-2020-8256
|
2024-11-21 14:38 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197229
|
7.2 |
HIGH
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
pulse_policy_secure
policy_secure
connect_secure
|
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
|
CWE-94
Code Injection
|
CVE-2020-8243
|
2024-11-21 14:38 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197230
|
6.1 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
pulse_policy_secure
policy_secure
connect_secure
|
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).
|
CWE-79
Cross-site Scripting
|
CVE-2020-8238
|
2024-11-21 14:38 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
