|
208651
|
7.5 |
HIGH
Network
|
lightbend
|
play_framework
|
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-26882
|
2024-11-21 14:20 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208652
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge trigg…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-27152
|
2024-11-21 14:20 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208653
|
9.8 |
CRITICAL
Network
|
linuxfoundation
fedoraproject
|
nats-server
fedora
|
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-26892
|
2024-11-21 14:20 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208654
|
5.3 |
MEDIUM
Network
|
bouncycastle
|
legion-of-the-bouncy-castle-fips-java-api
legion-of-the-bouncy-castle
|
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inp…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-26939
|
2024-11-21 14:20 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208655
|
4.4 |
MEDIUM
Local
|
trendmicro
|
antivirus
|
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-27015
|
2024-11-21 14:20 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208656
|
6.4 |
MEDIUM
Local
|
trendmicro
|
antivirus
|
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel pan…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-27014
|
2024-11-21 14:20 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208657
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_firmware
|
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).
|
CWE-22
Path Traversal
|
CVE-2020-27160
|
2024-11-21 14:20 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208658
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_firmware
|
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114
|
CWE-78
OS Command
|
CVE-2020-27159
|
2024-11-21 14:20 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208659
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_firmware
|
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.
|
CWE-78
OS Command
|
CVE-2020-27158
|
2024-11-21 14:20 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208660
|
9.8 |
CRITICAL
Network
|
konzept-ix
|
publixone
|
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges…
|
NVD-CWE-noinfo
|
CVE-2020-27183
|
2024-11-21 14:20 |
2020-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
