|
210211
|
8.8 |
HIGH
Network
|
buildah_project
redhat
|
buildah
enterprise_linux
openshift_container_platform
|
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write…
|
CWE-22
Path Traversal
|
CVE-2020-10696
|
2024-11-21 13:55 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210212
|
9.8 |
CRITICAL
Network
|
pam-krb5_project
debian
|
pam-krb5
debian_linux
|
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underly…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-10595
|
2024-11-21 13:55 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210213
|
9.8 |
CRITICAL
Network
|
paessler
|
prtg_network_monitor
|
A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot funct…
|
CWE-20
Improper Input Validation
|
CVE-2020-10374
|
2024-11-21 13:55 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210214
|
5.9 |
MEDIUM
Network
|
opensource-socialnetwork
|
open_source_social_network
|
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserv…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2020-10560
|
2024-11-21 13:55 |
2020-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210215
|
8.8 |
HIGH
Network
|
advantech
|
webaccess
|
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10607
|
2024-11-21 13:55 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210216
|
6.5 |
MEDIUM
Network
|
sun
|
ehrd
|
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality an…
|
CWE-863
Incorrect Authorization
|
CVE-2020-10510
|
2024-11-21 13:55 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210217
|
6.1 |
MEDIUM
Network
|
sun
|
ehrd
|
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10509
|
2024-11-21 13:55 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210218
|
7.5 |
HIGH
Network
|
sun
|
ehrd
|
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
|
NVD-CWE-noinfo
|
CVE-2020-10508
|
2024-11-21 13:55 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210219
|
9.8 |
CRITICAL
Network
|
codesys
|
control_for_plcnext
control_for_beaglebone
control_for_empc-a\/imx6
control_for_iot2000
control_for_linux
control_for_pfc100
control_for_pfc200
control_for_raspberry_pi
contro…
|
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10245
|
2024-11-21 13:55 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210220
|
7.8 |
HIGH
Local
|
asus
|
device_activation
|
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a part…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-10649
|
2024-11-21 13:55 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
