|
209401
|
9.8 |
CRITICAL
Network
|
lua
|
lua
|
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-15889
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209402
|
8.8 |
HIGH
Network
|
lua
|
lua
|
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
|
CWE-125
CWE-787
CWE-416
Out-of-bounds Read
Out-of-bounds Write
Use After Free
|
CVE-2020-15888
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209403
|
7.8 |
HIGH
Local
|
360totalsecurity
|
360_total_security
|
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacki…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-15724
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209404
|
7.8 |
HIGH
Local
|
360totalsecurity
|
360_total_security
|
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-15723
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209405
|
7.8 |
HIGH
Local
|
360totalsecurity
|
360_total_security
|
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could e…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-15722
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209406
|
7.5 |
HIGH
Network
|
bitwarden
|
server
|
Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8,…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-15879
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209407
|
8.8 |
HIGH
Network
|
librenms
|
librenms
|
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
|
NVD-CWE-noinfo
|
CVE-2020-15877
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209408
|
6.5 |
MEDIUM
Network
|
librenms
|
librenms
|
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
|
CWE-89
SQL Injection
|
CVE-2020-15873
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209409
|
3.3 |
LOW
Local
|
qemu
debian
|
qemu
debian_linux
|
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
|
CWE-416
Use After Free
|
CVE-2020-15859
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209410
|
9.8 |
CRITICAL
Network
|
mruby
debian
|
mruby
debian_linux
|
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-15866
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
