|
199241
|
7.8 |
HIGH
Local
|
apple
|
ipados
watchos
tvos
iphone_os
mac_os_x
icloud
macos
|
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29611
|
2024-11-21 14:24 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199242
|
5.5 |
MEDIUM
Local
|
apple
|
ipados
watchos
tvos
iphone_os
mac_os_x
macos
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-29610
|
2024-11-21 14:24 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199243
|
5.5 |
MEDIUM
Local
|
apple
|
ipados
watchos
tvos
iphone_os
mac_os_x
macos
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-29608
|
2024-11-21 14:24 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199244
|
8.8 |
HIGH
Network
|
getgrav
|
grav_cms
|
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
|
CWE-352
Origin Validation Error
|
CVE-2020-29553
|
2024-11-21 14:24 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199245
|
5.5 |
MEDIUM
Local
|
getgrav
|
grav_cms
|
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulner…
|
CWE-22
Path Traversal
|
CVE-2020-29556
|
2024-11-21 14:24 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199246
|
8.1 |
HIGH
Network
|
getgrav
|
grav_cms
|
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vuln…
|
CWE-22
Path Traversal
|
CVE-2020-29555
|
2024-11-21 14:24 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199247
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_control_plus
|
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.
|
NVD-CWE-noinfo
|
CVE-2020-29658
|
2024-11-21 14:24 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199248
|
5.3 |
MEDIUM
Network
|
atlassian
|
data_center
jira_server
jira_data_center
|
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attacker…
|
CWE-22
Path Traversal
|
CVE-2020-29453
|
2024-11-21 14:24 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199249
|
5.3 |
MEDIUM
Network
|
atlassian
|
confluence_server
confluence_data_center
|
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated r…
|
NVD-CWE-noinfo
|
CVE-2020-29448
|
2024-11-21 14:24 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199250
|
7.8 |
HIGH
Local
|
dji
|
mavic_2_firmware
|
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.
|
CWE-78
OS Command
|
CVE-2020-29664
|
2024-11-21 14:24 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
