|
210931
|
7.8 |
HIGH
Local
|
qbik
|
wingate
|
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-13866
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210932
|
7.3 |
HIGH
Local
|
solarwinds
|
advanced_monitoring_agent
|
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-13912
|
2024-11-21 14:02 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210933
|
9.1 |
CRITICAL
Network
|
pengutronix
|
barebox
|
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds che…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13910
|
2024-11-21 14:02 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210934
|
9.8 |
CRITICAL
Network
|
facade
|
ignition
|
The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021…
|
NVD-CWE-noinfo
|
CVE-2020-13909
|
2024-11-21 14:02 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210935
|
5.5 |
MEDIUM
Local
|
ffmpeg
canonical
debian
|
ffmpeg
ubuntu_linux
debian_linux
|
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_inp…
|
CWE-416
Use After Free
|
CVE-2020-13904
|
2024-11-21 14:02 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210936
|
7.1 |
HIGH
Local
|
imagemagick
|
imagemagick
|
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13902
|
2024-11-21 14:02 |
2020-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210937
|
6.1 |
MEDIUM
Network
|
hesk
|
hesk
|
HESK before 3.1.10 allows reflected XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13897
|
2024-11-21 14:02 |
2020-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210938
|
8.8 |
HIGH
Network
|
p5-crypt-perl_project
|
p5-crypt-perl
|
Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-13895
|
2024-11-21 14:02 |
2020-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210939
|
7.5 |
HIGH
Network
|
dext5
|
dext5
|
handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13894
|
2024-11-21 14:02 |
2020-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210940
|
5.4 |
MEDIUM
Network
|
laborator
|
neon
|
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13890
|
2024-11-21 14:02 |
2020-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
