|
209411
|
7.8 |
HIGH
Local
|
linux
xen
netapp
|
linux_kernel
xen
cloud_backup
steelstore_cloud_integrated_storage
solidfire_baseboard_management_controller
|
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs b…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-15852
|
2024-11-21 14:06 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209412
|
8.1 |
HIGH
Network
|
liferay
|
liferay_portal
dxp
|
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serial…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-15842
|
2024-11-21 14:06 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209413
|
8.8 |
HIGH
Network
|
liferay
|
liferay_portal
dxp
|
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attacke…
|
NVD-CWE-noinfo
|
CVE-2020-15841
|
2024-11-21 14:06 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209414
|
8.8 |
HIGH
Network
|
westerndigital
|
wd_discovery
|
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection …
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-15816
|
2024-11-21 14:06 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209415
|
6.5 |
MEDIUM
Network
|
gnu
|
libredwg
|
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-15807
|
2024-11-21 14:06 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209416
|
8.1 |
HIGH
Network
|
graylog
|
graylog
|
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15813
|
2024-11-21 14:06 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209417
|
6.1 |
MEDIUM
Network
|
zabbix
fedoraproject
debian
opensuse
|
zabbix
fedora
debian_linux
leap
backports
|
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15803
|
2024-11-21 14:06 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209418
|
9.8 |
CRITICAL
Network
|
python
netapp
|
python
max_data
|
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file)…
|
CWE-426
Untrusted Search Path
|
CVE-2020-15801
|
2024-11-21 14:06 |
2020-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209419
|
6.7 |
MEDIUM
Local
|
linux
opensuse
canonical
|
linux_kernel
leap
ubuntu_linux
|
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot…
|
CWE-862
Missing Authorization
|
CVE-2020-15780
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209420
|
7.5 |
HIGH
Network
|
socket.io-file_project
|
socket.io-file
|
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir an…
|
CWE-22
Path Traversal
|
CVE-2020-15779
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
