|
210351
|
4.4 |
MEDIUM
Local
|
iobit
|
malware_fighter
|
IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.
|
CWE-59
Link Following
|
CVE-2020-15401
|
2024-11-21 14:05 |
2020-06-30 |
|
|
|
|
210352
|
4.3 |
MEDIUM
Network
|
cakefoundation
|
cakephp
|
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
|
CWE-352 CWE-79
Origin Validation Error Cross-site Scripting
|
CVE-2020-15400
|
2024-11-21 14:05 |
2020-06-30 |
|
|
|
|
210353
|
7.8 |
HIGH
Local
|
hylafax\+_project ifax
|
hylafax\+ hylafax_enterprise
|
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uuc…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15397
|
2024-11-21 14:05 |
2020-06-30 |
|
|
|
|
210354
|
7.8 |
HIGH
Local
|
hylafax\+_project ifax fedoraproject opensuse
|
hylafax\+ hylafax_enterprise fedora leap backports_sle
|
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to…
|
CWE-362
Race Condition
|
CVE-2020-15396
|
2024-11-21 14:05 |
2020-06-30 |
|
|
|
|
210355
|
7.8 |
HIGH
Local
|
mediaarea fedoraproject
|
mediainfo fedora
|
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).
|
CWE-125
Out-of-bounds Read
|
CVE-2020-15395
|
2024-11-21 14:05 |
2020-06-30 |
|
|
|
|
210356
|
5.5 |
MEDIUM
Local
|
linux debian opensuse canonical
|
linux_kernel debian_linux leap ubuntu_linux
|
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-15393
|
2024-11-21 14:05 |
2020-06-30 |
|
|
|
|
210357
|
6.5 |
MEDIUM
Network
|
uclouvain debian oracle
|
openjpeg debian_linux outside_in_technology
|
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a dou…
|
CWE-416
Use After Free
|
CVE-2020-15389
|
2024-11-21 14:05 |
2020-06-30 |
|
|
|
|
210358
|
5.5 |
MEDIUM
Local
|
asrock
|
rgb_driver_firmware
|
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.
|
NVD-CWE-noinfo
|
CVE-2020-15368
|
2024-11-21 14:05 |
2020-06-30 |
|
|
|
|
210359
|
9.8 |
CRITICAL
Network
|
thingssdk
|
wifiscanner
|
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this …
|
CWE-78
OS Command
|
CVE-2020-15362
|
2024-11-21 14:05 |
2020-06-30 |
|
|
|
|
210360
|
9.8 |
CRITICAL
Network
|
zyxel
|
cloud_cnm_secumanager
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-15324
|
2024-11-21 14:05 |
2020-06-30 |
|
|
|