|
208651
|
7.5 |
HIGH
Network
|
yubico fedoraproject
|
yubihsm-shell fedora
|
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would…
|
CWE-125 CWE-787
Out-of-bounds Read Out-of-bounds Write
|
CVE-2020-24387
|
2024-11-21 14:14 |
2020-10-20 |
|
208652
|
6.5 |
MEDIUM
Network
|
free
|
freebox_server freebox_v5_firmware
|
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-24375
|
2024-11-21 14:14 |
2020-10-20 |
|
208653
|
7.5 |
HIGH
Network
|
broadcom fedoraproject
|
tcpreplay fedora
|
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24266
|
2024-11-21 14:14 |
2020-10-20 |
|
208654
|
7.5 |
HIGH
Network
|
broadcom fedoraproject
|
tcpreplay fedora
|
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24265
|
2024-11-21 14:14 |
2020-10-20 |
|
208655
|
6.1 |
MEDIUM
Network
|
magento
|
magento
|
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability coul…
|
-
|
CVE-2020-24408
|
2024-11-21 14:14 |
2020-10-17 |
|
208656
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while…
|
CWE-125 CWE-787
Out-of-bounds Read Out-of-bounds Write
|
CVE-2020-24352
|
2024-11-21 14:14 |
2020-10-16 |
|
208657
|
6.1 |
MEDIUM
Network
|
unitedplanet
|
intrexx
|
Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24188
|
2024-11-21 14:14 |
2020-10-15 |
|
208658
|
6.1 |
MEDIUM
Network
|
iproom
|
mmc\+
|
IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials.
|
CWE-601
Open Redirect
|
CVE-2020-24551
|
2024-11-21 14:14 |
2020-10-14 |
|
208659
|
6.1 |
MEDIUM
Network
|
hapifhir
|
testpage_overlay
|
Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's brow…
|
CWE-79
Cross-site Scripting
|
CVE-2020-24301
|
2024-11-21 14:14 |
2020-10-8 |
|
208660
|
7.5 |
HIGH
Network
|
peplink
|
balance_20x_firmware balance_310x_firmware mbx_firmware epx_firmware sdx_firmware balance_30_lte_firmware balance_20_firmware balance_30_firmware balance_30_pro_firmware ba…
|
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.
|
NVD-CWE-noinfo
|
CVE-2020-24246
|
2024-11-21 14:14 |
2020-10-8 |