|
209751
|
6.5 |
MEDIUM
Network
|
teradici
|
cloud_access_connector
|
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an atta…
|
CWE-287
Improper Authentication
|
CVE-2020-13185
|
2024-11-21 14:00 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209752
|
9.8 |
CRITICAL
Network
|
wavlink
|
wn575a4_firmware
wn579x3_firmware
|
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
|
CWE-77
Command Injection
|
CVE-2020-13117
|
2024-11-21 14:00 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209753
|
4.8 |
MEDIUM
Network
|
tufin
|
securechange
|
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be trigg…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13134
|
2024-11-21 14:00 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209754
|
6.1 |
MEDIUM
Network
|
tufin
|
securechange
|
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be trigg…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13133
|
2024-11-21 14:00 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209755
|
5.4 |
MEDIUM
Network
|
carbonite
|
server_backup_portal
|
OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13116
|
2024-11-21 14:00 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209756
|
9.8 |
CRITICAL
Network
|
gssproxy_project
debian
|
gssproxy
debian_linux
|
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when runn…
|
CWE-667
Improper Locking
|
CVE-2020-12658
|
2024-11-21 14:00 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209757
|
7.8 |
HIGH
Local
|
amd
|
vbios_flash_tool_software_development_kit
|
A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system.
|
NVD-CWE-noinfo
|
CVE-2020-12927
|
2024-11-21 14:00 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209758
|
6.4 |
MEDIUM
Physics
|
amd
|
trusted_platform_modules_reference
|
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TP…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-12926
|
2024-11-21 14:00 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209759
|
5.5 |
MEDIUM
Local
|
amd
|
energy_driver_for_linux
|
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks.…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-12912
|
2024-11-21 14:00 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209760
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_firmware
|
Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devi…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12830
|
2024-11-21 14:00 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
