|
210011
|
4.3 |
MEDIUM
Network
|
octopus
|
octopus_deploy
|
In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks…
|
NVD-CWE-noinfo
|
CVE-2020-12286
|
2024-11-21 13:59 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210012
|
9.8 |
CRITICAL
Network
|
ffmpeg
canonical
debian
|
ffmpeg
ubuntu_linux
debian_linux
|
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12284
|
2024-11-21 13:59 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210013
|
8.8 |
HIGH
Network
|
opmantek
|
open-audit
|
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address t…
|
CWE-78
OS Command
|
CVE-2020-12078
|
2024-11-21 13:59 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210014
|
9.8 |
CRITICAL
Network
|
libgit2
debian
|
libgit2
debian_linux
|
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when c…
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2020-12279
|
2024-11-21 13:59 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210015
|
9.8 |
CRITICAL
Network
|
libgit2
debian
|
libgit2
debian_linux
|
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution…
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2020-12278
|
2024-11-21 13:59 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210016
|
7.5 |
HIGH
Network
|
wavlink
|
wl-wn579g3_firmware
wl-wn575a3_firmware
wl-wn530hg4_firmware
wn531g3_firmware
wn533a8_firmware
wn531a6_firmware
wn551k1_firmware
wn535g3_firmware
wn530h4_firmware
wn57x93_f…
|
An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12266
|
2024-11-21 13:59 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210017
|
7.8 |
HIGH
Local
|
valvesoftware
|
source
|
Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.
|
CWE-78
OS Command
|
CVE-2020-12242
|
2024-11-21 13:59 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210018
|
8.8 |
HIGH
Network
|
amd
|
atillk64
|
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space o…
|
CWE-862
Missing Authorization
|
CVE-2020-12138
|
2024-11-21 13:59 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210019
|
9.8 |
CRITICAL
Network
|
farukawa
|
electric_consciousmap
|
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-12133
|
2024-11-21 13:59 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210020
|
7.5 |
HIGH
Network
|
prestashop
|
correos_express
|
The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attack…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-12120
|
2024-11-21 13:59 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
