|
208511
|
7.5 |
HIGH
Network
|
emerson
|
x-stream_enhanced_xegp_firmware
x-stream_enhanced_xegk_firmware
x-stream_enhanced_xefd_firmware
x-stream_enhanced_xexf_firmware
|
Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, whi…
|
CWE-287
Improper Authentication
|
CVE-2020-27254
|
2024-11-21 14:20 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208512
|
8.8 |
HIGH
Network
|
mitel
|
businesscti_enterprise
|
The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due…
|
CWE-20
Improper Input Validation
|
CVE-2020-27154
|
2024-11-21 14:20 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208513
|
4.8 |
MEDIUM
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27010
|
2024-11-21 14:20 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208514
|
7.5 |
HIGH
Network
|
magic_home_pro_project
|
magic_home_pro
|
The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication functi…
|
CWE-287
Improper Authentication
|
CVE-2020-27199
|
2024-11-21 14:20 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208515
|
6.5 |
MEDIUM
Network
|
tibco
|
partnerexpress
|
The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated logi…
|
NVD-CWE-noinfo
|
CVE-2020-27147
|
2024-11-21 14:20 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208516
|
9.8 |
CRITICAL
Network
|
google
|
android
|
Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel
|
NVD-CWE-noinfo
|
CVE-2020-27068
|
2024-11-21 14:20 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208517
|
6.4 |
MEDIUM
Local
|
google
|
android
|
In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ne…
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2020-27067
|
2024-11-21 14:20 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208518
|
6.7 |
MEDIUM
Local
|
google
|
android
|
In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges need…
|
CWE-416
CWE-667
Use After Free
Improper Locking
|
CVE-2020-27066
|
2024-11-21 14:20 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208519
|
3.3 |
LOW
Local
|
google
|
android
|
In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu stat…
|
CWE-862
Missing Authorization
|
CVE-2020-27057
|
2024-11-21 14:20 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208520
|
3.3 |
LOW
Local
|
google
|
android
|
In SELinux policies of mls, there is a missing permission check. This could lead to local information disclosure of package metadata with no additional execution privileges needed. User interaction i…
|
CWE-862
Missing Authorization
|
CVE-2020-27056
|
2024-11-21 14:20 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
