|
209831
|
9.0 |
CRITICAL
Network
|
pandorafms
|
pandora_fms
|
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run …
|
CWE-79
Cross-site Scripting
|
CVE-2020-11749
|
2024-11-21 13:58 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209832
|
9.8 |
CRITICAL
Network
|
microfocus
|
identity_manager
|
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information expos…
|
NVD-CWE-noinfo
|
CVE-2020-11849
|
2024-11-21 13:58 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209833
|
6.1 |
MEDIUM
Network
|
telefonica
|
o2_business
|
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either …
|
CWE-601
Open Redirect
|
CVE-2020-11882
|
2024-11-21 13:58 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209834
|
8.1 |
HIGH
Network
|
python
fedoraproject
canonical
|
pillow
fedora
ubuntu_linux
|
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-11538
|
2024-11-21 13:58 |
2020-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209835
|
5.3 |
MEDIUM
Network
|
wolfssl
|
wolfssl
|
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-11735
|
2024-11-21 13:58 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209836
|
7.5 |
HIGH
Network
|
mi
|
xiaomi_r3600_firmware
|
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-11961
|
2024-11-21 13:58 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209837
|
9.8 |
CRITICAL
Network
|
mi
|
xiaomi_r3600_firmware
|
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to po…
|
NVD-CWE-noinfo
|
CVE-2020-11960
|
2024-11-21 13:58 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209838
|
7.5 |
HIGH
Network
|
mi
|
xiaomi_r3600_firmware
|
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.
|
NVD-CWE-noinfo
|
CVE-2020-11959
|
2024-11-21 13:58 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209839
|
7.8 |
HIGH
Local
|
winmagic
|
securedoc
|
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-11520
|
2024-11-21 13:58 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209840
|
7.8 |
HIGH
Local
|
winmagic
|
securedoc
|
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in …
|
NVD-CWE-noinfo
|
CVE-2020-11519
|
2024-11-21 13:58 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
