|
209511
|
9.8 |
CRITICAL
Network
|
daemonology
|
bsdiff
|
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the san…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14315
|
2024-11-21 14:02 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209512
|
5.5 |
MEDIUM
Local
|
linux
debian
canonical
starwindsoftware
|
linux_kernel
debian_linux
ubuntu_linux
starwind_virtual_san
|
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to…
|
-
|
CVE-2020-14314
|
2024-11-21 14:02 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209513
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the k…
|
-
|
CVE-2020-14304
|
2024-11-21 14:02 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209514
|
9.8 |
CRITICAL
Network
|
mi
|
r3600_firmware
|
In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.
|
CWE-77
Command Injection
|
CVE-2020-14100
|
2024-11-21 14:02 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209515
|
9.8 |
CRITICAL
Network
|
mi
|
xiaomi_ai_speaker_firmware
|
Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-14096
|
2024-11-21 14:02 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209516
|
7.5 |
HIGH
Network
|
bitcoin
|
bitcoin_core
|
Bitcoin Core 0.20.0 allows remote denial of service.
|
NVD-CWE-noinfo
|
CVE-2020-14198
|
2024-11-21 14:02 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209517
|
5.9 |
MEDIUM
Network
|
apache
oracle
debian
|
activemq
flexcube_private_banking
communications_diameter_signaling_router
debian_linux
|
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and ca…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-13920
|
2024-11-21 14:02 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209518
|
5.7 |
MEDIUM
Adjacent
|
health
|
covidsafe
|
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection o…
|
NVD-CWE-noinfo
|
CVE-2020-14292
|
2024-11-21 14:02 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209519
|
7.2 |
HIGH
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-14008
|
2024-11-21 14:02 |
2020-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209520
|
6.1 |
MEDIUM
Network
|
enghouse
|
web_chat
|
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13972
|
2024-11-21 14:02 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
