|
209271
|
5.5 |
MEDIUM
Local
|
canonical
|
ppp
|
The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment v…
|
CWE-20
Improper Input Validation
|
CVE-2020-15704
|
2024-11-21 14:06 |
2020-09-1 |
|
209272
|
7.5 |
HIGH
Network
|
linuxfoundation
|
acrn
|
Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/…
|
NVD-CWE-Other
|
CVE-2020-15687
|
2024-11-21 14:06 |
2020-09-1 |
|
209273
|
3.5 |
LOW
Adjacent
|
mercedes-benz
|
comand
|
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-16142
|
2024-11-21 14:06 |
2020-08-28 |
|
209274
|
5.4 |
MEDIUM
Network
|
osticket
|
osticket
|
osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
|
CWE-79
Cross-site Scripting
|
CVE-2020-16193
|
2024-11-21 14:06 |
2020-08-26 |
|
209275
|
4.3 |
MEDIUM
Network
|
octopus
|
server octopus_server
|
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentia…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-16197
|
2024-11-21 14:06 |
2020-08-26 |
|
209276
|
7.8 |
HIGH
Local
|
gradle
|
maven
|
An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-15777
|
2024-11-21 14:06 |
2020-08-26 |
|
209277
|
6.4 |
MEDIUM
Physical
|
thalesgroup
|
bgs5_firmware ehs5_firmware ehs8_firmware ehs6_firmware pds5_firmware pds6_firmware els61_firmware els81_firmware pls62_firmware
|
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be…
|
CWE-22
Path Traversal
|
CVE-2020-15858
|
2024-11-21 14:06 |
2020-08-22 |
|
209278
|
7.8 |
HIGH
Local
|
net-snmp canonical netapp
|
net-snmp ubuntu_linux cloud_backup smi-s_provider solidfire hci_management_node
|
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
|
CWE-269
Improper Privilege Management
|
CVE-2020-15862
|
2024-11-21 14:06 |
2020-08-20 |
|
209279
|
7.8 |
HIGH
Local
|
net-snmp canonical netapp
|
net-snmp ubuntu_linux cloud_backup smi-s_provider solidfire_\&_hci_management_node
|
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
|
CWE-59
Link Following
|
CVE-2020-15861
|
2024-11-21 14:06 |
2020-08-20 |
|
209280
|
6.1 |
MEDIUM
Network
|
rocket.chat
|
rocket.chat
|
Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15926
|
2024-11-21 14:06 |
2020-08-19 |
|