|
209021
|
5.3 |
MEDIUM
Network
|
qt
debian
fedoraproject
|
qt
debian_linux
fedora
|
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-17507
|
2024-11-21 14:08 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209022
|
9.8 |
CRITICAL
Network
|
articatech
|
web_proxy
|
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
|
CWE-89
SQL Injection
|
CVE-2020-17506
|
2024-11-21 14:08 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209023
|
8.8 |
HIGH
Network
|
articatech
|
web_proxy
|
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_…
|
CWE-78
OS Command
|
CVE-2020-17505
|
2024-11-21 14:08 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209024
|
8.1 |
HIGH
Adjacent
|
intel
|
inet_wireless_daemon
|
eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4.
|
NVD-CWE-noinfo
|
CVE-2020-17497
|
2024-11-21 14:08 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209025
|
9.8 |
CRITICAL
Network
|
magic
debian
|
asyncpg
debian_linux
|
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized poi…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-17446
|
2024-11-21 14:08 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209026
|
9.8 |
CRITICAL
Network
|
vbulletin
|
vbulletin
|
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete …
|
CWE-74
Injection
|
CVE-2020-17496
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209027
|
7.5 |
HIGH
Network
|
django-celery-results_project
|
django-celery-results
|
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information th…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-17495
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209028
|
4.3 |
MEDIUM
Physics
|
gnome
debian
canonical
opensuse
|
gnome-shell
debian_linux
ubuntu_linux
leap
|
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-17489
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209029
|
7.5 |
HIGH
Network
|
radare
fedoraproject
|
radare2
fedora
|
radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_…
|
NVD-CWE-noinfo
|
CVE-2020-17487
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209030
|
9.8 |
CRITICAL
Network
|
turcom
|
trcwifizone
|
Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses.
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2020-17466
|
2024-11-21 14:08 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
