|
208521
|
9.8 |
CRITICAL
Network
|
portainer
|
portainer
|
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and n…
|
CWE-863
Incorrect Authorization
|
CVE-2020-24264
|
2024-11-21 14:14 |
2021-03-17 |
|
208522
|
8.8 |
HIGH
Network
|
portainer
|
portainer
|
Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical c…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-24263
|
2024-11-21 14:14 |
2021-03-17 |
|
208523
|
8.8 |
HIGH
Network
|
thedaylightstudio
|
fuel_cms
|
An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-23722
|
2024-11-21 14:14 |
2021-03-10 |
|
208524
|
5.4 |
MEDIUM
Network
|
thedaylightstudio
|
fuel_cms
|
An issue was discovered in FUEL CMS V1.4.7. An attacker can use an XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23721
|
2024-11-21 14:14 |
2021-03-10 |
|
208525
|
7.8 |
HIGH
Local
|
drweb
|
security_space
|
Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-23967
|
2024-11-21 14:14 |
2021-03-9 |
|
208526
|
8.8 |
HIGH
Network
|
fork-cms
|
fork_cms
|
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-24036
|
2024-11-21 14:14 |
2021-03-4 |
|
208527
|
6.7 |
MEDIUM
Local
|
tpm2_software_stack_project fedoraproject
|
tpm2_software_stack fedora
|
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.…
|
CWE-909
Missing Initialization of Resource
|
CVE-2020-24455
|
2024-11-21 14:14 |
2021-02-26 |
|
208528
|
7.8 |
HIGH
Local
|
yz1
|
yz1
|
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filena…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24175
|
2024-11-21 14:14 |
2021-02-23 |
|
208529
|
5.9 |
MEDIUM
Network
|
tweetstream_project
|
tweetstream
|
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24393
|
2024-11-21 14:14 |
2021-02-20 |
|
208530
|
5.9 |
MEDIUM
Network
|
twitter-stream_project
|
twitter-stream
|
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24392
|
2024-11-21 14:14 |
2021-02-20 |