|
209731
|
7.5 |
HIGH
Network
|
vm-memory_project
|
vm-memory
|
rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects…
|
CWE-362
CWE-662
Race Condition
Improper Synchronization
|
CVE-2020-13759
|
2024-11-21 14:01 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209732
|
6.7 |
MEDIUM
Local
|
qemu
canonical
debian
|
qemu
ubuntu_linux
debian_linux
|
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-13754
|
2024-11-21 14:01 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209733
|
6.0 |
MEDIUM
Network
|
docker
fedoraproject
debian
broadcom
|
engine
fedora
debian_linux
sannav
|
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts…
|
CWE-20
Improper Input Validation
|
CVE-2020-13401
|
2024-11-21 14:01 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209734
|
2.5 |
LOW
Local
|
qemu
debian
opensuse
canonical
|
qemu
debian_linux
leap
ubuntu_linux
|
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-13659
|
2024-11-21 14:01 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209735
|
6.1 |
MEDIUM
Network
|
bitrix
|
bitrix24
|
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13758
|
2024-11-21 14:01 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209736
|
7.5 |
HIGH
Network
|
python-rsa_project
fedoraproject
canonical
|
python-rsa
fedora
ubuntu_linux
|
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application use…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-13757
|
2024-11-21 14:01 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209737
|
7.2 |
HIGH
Network
|
quickbox
|
quickbox
|
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain s…
|
CWE-306
CWE-269
Missing Authentication for Critical Function
Improper Privilege Management
|
CVE-2020-13695
|
2024-11-21 14:01 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209738
|
8.8 |
HIGH
Network
|
quickbox
|
quickbox
|
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary …
|
CWE-78
OS Command
|
CVE-2020-13694
|
2024-11-21 14:01 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209739
|
8.8 |
HIGH
Network
|
quickbox
|
quickbox
|
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.
|
CWE-78
OS Command
|
CVE-2020-13448
|
2024-11-21 14:01 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209740
|
7.8 |
HIGH
Local
|
youhua
|
windows_master
|
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact b…
|
CWE-20
Improper Input Validation
|
CVE-2020-13634
|
2024-11-21 14:01 |
2020-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
