| 210441 | 9.8 | CRITICAL | Network | linux-pam | linux-pam | A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist PAM tries to authenticate with root and in the case of … | - | CVE-2020-27780 | 2024-11-21 14:21 | 2020-12-18 |
| 210442 | 6.7 | MEDIUM | Local | linux redhat | linux_kernel enterprise_linux openshift_container_platform | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors … | - | CVE-2020-27777 | 2024-11-21 14:21 | 2020-12-16 |
| 210443 | 9.8 | CRITICAL | Network | f5 netapp | nginx_controller cloud_backup | In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. | CWE-22 Path Traversal | CVE-2020-27730 | 2024-11-21 14:21 | 2020-12-12 |
| 210444 | 7.5 | HIGH | Network | f5 | big-ip_advanced_firewall_manager | In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the conne… | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2020-27713 | 2024-11-21 14:21 | 2020-12-12 |
| 210445 | 5.7 | MEDIUM | Local | linux redhat debian netapp | linux_kernel enterprise_linux enterprise_mrg debian_linux cloud_backup solidfire_baseboard_management_controller_firmware h410c_firmware | A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running in parallel on different cpus, m… | - | CVE-2020-27825 | 2024-11-21 14:21 | 2020-12-12 |
| 210446 | 7.5 | HIGH | Network | frappe | frappe | In two-factor authentication, the system also sends the 2fa secret key in the response, which enables an intruder to breach the 2fa security. | NVD-CWE-noinfo | CVE-2020-27508 | 2024-11-21 14:21 | 2020-12-12 |
| 210447 | 7.8 | HIGH | Local | linux redhat netapp | linux_kernel enterprise_linux openshift_container_platform enterprise_mrg cloud_backup solidfire_baseboard_management_controller | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.… | - | CVE-2020-27786 | 2024-11-21 14:21 | 2020-12-11 |
| 210448 | 7.8 | HIGH | Local | jasper_project fedoraproject | jasper fedora | There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data co… | - | CVE-2020-27828 | 2024-11-21 14:21 | 2020-12-11 |
| 210449 | 2.8 | LOW | Local | debian | advanced_package_tool | Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prio… | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2020-27351 | 2024-11-21 14:21 | 2020-12-10 |
| 210450 | 5.7 | MEDIUM | Local | debian netapp | advanced_package_tool solidfire_baseboard_management_controller_firmware | APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfi… | CWE-190 Integer Overflow or Wraparound | CVE-2020-27350 | 2024-11-21 14:21 | 2020-12-10 |