|
210981
|
8.8 |
HIGH
Network
|
thedaylightstudio
|
fuel_cms
|
An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-23722
|
2024-11-21 14:14 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210982
|
5.4 |
MEDIUM
Network
|
thedaylightstudio
|
fuel_cms
|
An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23721
|
2024-11-21 14:14 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210983
|
7.8 |
HIGH
Local
|
drweb
|
security_space
|
Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-23967
|
2024-11-21 14:14 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210984
|
8.8 |
HIGH
Network
|
fork-cms
|
fork_cms
|
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-24036
|
2024-11-21 14:14 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210985
|
6.7 |
MEDIUM
Local
|
tpm2_software_stack_project
fedoraproject
|
tpm2_software_stack
fedora
|
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.…
|
CWE-909
Missing Initialization of Resource
|
CVE-2020-24455
|
2024-11-21 14:14 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210986
|
7.8 |
HIGH
Local
|
yz1
|
yz1
|
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filena…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24175
|
2024-11-21 14:14 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210987
|
5.9 |
MEDIUM
Network
|
tweetstream_project
|
tweetstream
|
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24393
|
2024-11-21 14:14 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210988
|
5.9 |
MEDIUM
Network
|
twitter-stream_project
|
twitter-stream
|
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24392
|
2024-11-21 14:14 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210989
|
4.4 |
MEDIUM
Local
|
intel
|
ethernet_network_adapter_700_firmware
|
Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local acce…
|
CWE-20
Improper Input Validation
|
CVE-2020-24505
|
2024-11-21 14:14 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210990
|
5.5 |
MEDIUM
Local
|
intel
|
ethernet_network_adapter_e810_firmware
|
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local acces…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-24504
|
2024-11-21 14:14 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
