|
196591
|
4.8 |
MEDIUM
Network
|
symantec
|
it_analytics
|
Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into we…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5838
|
2024-11-21 14:34 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196592
|
5.5 |
MEDIUM
Local
|
f5
|
big-ip_access_policy_manager
big-ip_access_policy_manager_client
|
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoContr…
|
NVD-CWE-Other
|
CVE-2020-5898
|
2024-11-21 14:34 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196593
|
8.8 |
HIGH
Network
|
f5
|
big-ip_access_policy_manager
big-ip_access_policy_manager_client
|
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
|
CWE-416
Use After Free
|
CVE-2020-5897
|
2024-11-21 14:34 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196594
|
7.8 |
HIGH
Local
|
f5
|
big-ip_access_policy_manager
big-ip_access_policy_manager_client
|
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5896
|
2024-11-21 14:34 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196595
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_protection
|
Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.
|
CWE-59
Link Following
|
CVE-2020-5837
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196596
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_protection
|
Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled.
|
NVD-CWE-noinfo
|
CVE-2020-5836
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196597
|
7.0 |
HIGH
Local
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine.
|
CWE-362
Race Condition
|
CVE-2020-5835
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196598
|
5.3 |
MEDIUM
Network
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory.
|
CWE-22
Path Traversal
|
CVE-2020-5834
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196599
|
3.3 |
LOW
Local
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of t…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-5833
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196600
|
7.8 |
HIGH
Local
|
jalinfotec
|
pallet_control
|
Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows authenticated attackers to execute arbitrary code with the SYSTEM privilege on the computer where PALLET CONTROL is installed via…
|
NVD-CWE-noinfo
|
CVE-2020-5538
|
2024-11-21 14:34 |
2020-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
