|
209851
|
4.3 |
MEDIUM
Physical
|
yubico
|
libykpiv piv_tool_manager yubikey_smart_card_minidriver
|
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13131
|
2024-11-21 14:00 |
2020-07-10 |
|
209852
|
9.8 |
CRITICAL
Network
|
protocol
|
gossipsub
|
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
|
NVD-CWE-noinfo
|
CVE-2020-12821
|
2024-11-21 14:00 |
2020-07-08 |
|
209853
|
7.2 |
HIGH
Network
|
code42
|
code42
|
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the…
|
CWE-74
Injection
|
CVE-2020-12736
|
2024-11-21 14:00 |
2020-07-08 |
|
209854
|
8.8 |
HIGH
Network
|
obdev
|
little_snitch
|
Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code execut…
|
CWE-59
Link Following
|
CVE-2020-13095
|
2024-11-21 14:00 |
2020-07-01 |
|
209855
|
7.3 |
HIGH
Local
|
boolebox
|
boolebox
|
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-13247
|
2024-11-21 14:00 |
2020-06-25 |
|
209856
|
5.4 |
MEDIUM
Network
|
boolebox
|
boolebox
|
BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13248
|
2024-11-21 14:00 |
2020-06-25 |
|
209857
|
5.7 |
MEDIUM
Adjacent
|
sane-project canonical opensuse
|
sane_backends ubuntu_linux leap
|
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-079.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-12866
|
2024-11-21 14:00 |
2020-06-24 |
|
209858
|
8.0 |
HIGH
Adjacent
|
sane-project debian canonical opensuse
|
sane_backends debian_linux ubuntu_linux leap
|
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12865
|
2024-11-21 14:00 |
2020-06-24 |
|
209859
|
4.3 |
MEDIUM
Adjacent
|
sane-project opensuse canonical
|
sane_backends leap ubuntu_linux
|
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the prog…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-12864
|
2024-11-21 14:00 |
2020-06-24 |
|
209860
|
4.3 |
MEDIUM
Adjacent
|
sane-project debian canonical opensuse
|
sane_backends debian_linux ubuntu_linux leap
|
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the prog…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-12863
|
2024-11-21 14:00 |
2020-06-24 |