|
199311
|
8.8 |
HIGH
Local
|
xen
linux
netapp
debian
|
xen
linux_kernel
hci_compute_node_bios
solidfire_\&_hci_management_node
solidfire_\&_hci_storage_node
debian_linux
|
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when st…
|
CWE-416
Use After Free
|
CVE-2020-29569
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199312
|
6.2 |
MEDIUM
Local
|
xen
fedoraproject
|
xen
fedora
|
An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-29567
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199313
|
5.5 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has comple…
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-29566
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199314
|
5.6 |
MEDIUM
Network
|
golang
netapp
|
go
trident
|
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that be…
|
NVD-CWE-Other
|
CVE-2020-29511
|
2024-11-21 14:24 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199315
|
5.6 |
MEDIUM
Network
|
golang
netapp
|
go
trident
|
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave …
|
NVD-CWE-Other
|
CVE-2020-29510
|
2024-11-21 14:24 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199316
|
5.6 |
MEDIUM
Network
|
golang
netapp
|
go
trident
|
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that …
|
NVD-CWE-Other
|
CVE-2020-29509
|
2024-11-21 14:24 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199317
|
8.8 |
HIGH
Network
|
macally
|
wifisd2-2a82_firmware
|
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator acco…
|
CWE-287
Improper Authentication
|
CVE-2020-29669
|
2024-11-21 14:24 |
2020-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199318
|
7.8 |
HIGH
Local
|
westerndigital
|
dashboard
|
Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-29654
|
2024-11-21 14:24 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199319
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_os_5
|
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
|
CWE-287
Improper Authentication
|
CVE-2020-29563
|
2024-11-21 14:24 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199320
|
6.1 |
MEDIUM
Network
|
smartystreets
|
liveaddressplugin.js
|
A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29455
|
2024-11-21 14:24 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
