|
196741
|
5.3 |
MEDIUM
Network
|
openfortivpn_project
fedoraproject
opensuse
|
openfortivpn
fedora
leap
backports_sle
|
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outco…
|
CWE-295
CWE-908
Improper Certificate Validation
Use of Uninitialized Resource
|
CVE-2020-7042
|
2024-11-21 14:36 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196742
|
5.3 |
MEDIUM
Network
|
openfortivpn_project
fedoraproject
opensuse
|
openfortivpn
fedora
leap
backports_sle
|
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a suc…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-7041
|
2024-11-21 14:36 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196743
|
6.5 |
MEDIUM
Adjacent
|
zte
|
e8820v3_firmware
|
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker …
|
NVD-CWE-noinfo
|
CVE-2020-6864
|
2024-11-21 14:36 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196744
|
6.5 |
MEDIUM
Adjacent
|
zte
|
e8820v3_firmware
|
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified UR…
|
NVD-CWE-noinfo
|
CVE-2020-6863
|
2024-11-21 14:36 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196745
|
7.2 |
HIGH
Network
|
dlink
|
dch-m225_firmware
|
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.
|
CWE-78
OS Command
|
CVE-2020-6842
|
2024-11-21 14:36 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196746
|
9.8 |
CRITICAL
Network
|
dlink
|
dch-m225_firmware
|
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.
|
CWE-78
OS Command
|
CVE-2020-6841
|
2024-11-21 14:36 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196747
|
7.8 |
HIGH
Local
|
honeywell
|
inncom_inncontrol_firmware
|
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files.
|
CWE-269
Improper Privilege Management
|
CVE-2020-6968
|
2024-11-21 14:36 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196748
|
6.8 |
MEDIUM
Physics
|
ge
|
vivid_e95_firmware
vivid_e90_firmware
vivid_s70n_firmware
vivid_t8_firmware
vivid_t9_firmware
vivid_iq_firmware
logiq_e10_firmware
logiq_e9_firmware
logiq_s8_firmware
logiq…
|
A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, res…
|
CWE-20
NVD-CWE-Other
Improper Input Validation
|
CVE-2020-6977
|
2024-11-21 14:36 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196749
|
9.8 |
CRITICAL
Network
|
emerson
|
openenterprise_scada_server
|
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6970
|
2024-11-21 14:36 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196750
|
6.1 |
MEDIUM
Network
|
topmanage
|
olk_webstore
|
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6845
|
2024-11-21 14:36 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
