|
210141
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipsets) software. A kernel driver heap overflow leads to arbitrary code execution. The Samsung ID is SVE…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10829
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210142
|
9.8 |
CRITICAL
Network
|
graphicsmagick
debian
opensuse
|
graphicsmagick
debian_linux
leap
backports
|
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-10938
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210143
|
7.2 |
HIGH
Network
|
acyba
|
acymailing
|
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10934
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210144
|
7.5 |
HIGH
Network
|
memcached
|
memcached
|
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-10931
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210145
|
9.8 |
CRITICAL
Network
|
rconfig
|
rconfig
|
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
|
CWE-78
OS Command
|
CVE-2020-10879
|
2024-11-21 13:56 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210146
|
7.5 |
HIGH
Network
|
zebra
|
fx9500_firmware
|
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp.
|
CWE-22
Path Traversal
|
CVE-2020-10875
|
2024-11-21 13:56 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210147
|
7.5 |
HIGH
Network
|
motorola
|
fx9500-41324d41-us_firmware
fx9500-41324d41-ww_firmware
fx9500-81324d41-us_firmware
fx9500-81324d41-ww_firmware
|
Motorola FX9500 devices allow remote attackers to read database files.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10874
|
2024-11-21 13:56 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210148
|
5.3 |
MEDIUM
Network
|
openwrt
|
luci
|
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances r…
|
CWE-200
Information Exposure
|
CVE-2020-10871
|
2024-11-21 13:56 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210149
|
5.5 |
MEDIUM
Local
|
zim-wiki
|
zim
|
Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, re…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-10870
|
2024-11-21 13:56 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210150
|
8.8 |
HIGH
Network
|
codeigniter
|
codeigniter
|
CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the is…
|
CWE-269
Improper Privilege Management
|
CVE-2020-10793
|
2024-11-21 13:56 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
