|
198481
|
6.0 |
MEDIUM
Local
|
qemu
fedoraproject
|
qemu
fedora
|
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callba…
|
-
|
CVE-2020-35503
|
2024-11-21 14:27 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198482
|
6.7 |
MEDIUM
Local
|
qemu
|
qemu
|
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw…
|
-
|
CVE-2020-35506
|
2024-11-21 14:27 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198483
|
4.4 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This f…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-35505
|
2024-11-21 14:27 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198484
|
6.0 |
MEDIUM
Local
|
qemu
fedoraproject
debian
|
qemu
fedora
debian_linux
|
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in …
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-35504
|
2024-11-21 14:27 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198485
|
7.5 |
HIGH
Network
|
searchblox
|
searchblox
|
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet…
|
CWE-22
Path Traversal
|
CVE-2020-35580
|
2024-11-21 14:27 |
2021-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198486
|
6.1 |
MEDIUM
Network
|
kamalkhan
|
kk_star_ratings
|
Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35438
|
2024-11-21 14:27 |
2021-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198487
|
7.8 |
HIGH
Local
|
linux
netapp
|
linux_kernel
cloud_backup
solidfire_baseboard_management_controller_firmware
h300s_firmware
h500s_firmware
h700s_firmware
h300e_firmware
h500e_firmware
h700e_firmware
h410s…
|
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the sy…
|
-
|
CVE-2020-35519
|
2024-11-21 14:27 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198488
|
9.8 |
CRITICAL
Network
|
inxedu
|
inxedu
|
SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.
|
CWE-89
SQL Injection
|
CVE-2020-35430
|
2024-11-21 14:27 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198489
|
5.4 |
MEDIUM
Network
|
unisys
|
data_exchange_management_studio
|
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35542
|
2024-11-21 14:27 |
2021-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198490
|
9.8 |
CRITICAL
Network
|
wondercms
|
wondercms
|
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary cod…
|
CWE-78
OS Command
|
CVE-2020-35314
|
2024-11-21 14:27 |
2021-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
