|
202541
|
9.8 |
CRITICAL
Network
|
insyde
|
insydeh2o_uefi_bios
|
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-5955
|
2024-11-21 14:34 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202542
|
5.4 |
MEDIUM
Network
|
sixapart
|
movable_type
|
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitra…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5669
|
2024-11-21 14:34 |
2021-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202543
|
6.8 |
MEDIUM
Network
|
dell
|
emc_openmanage_enterprise
|
Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this…
|
CWE-22
Path Traversal
|
CVE-2020-5370
|
2024-11-21 14:34 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202544
|
5.9 |
MEDIUM
Network
|
tenable
|
nessus_amazon_machine_image
|
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-5812
|
2024-11-21 14:34 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202545
|
8.8 |
HIGH
Network
|
infoscience
|
elc_analytics
logstorage
|
Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.
|
CWE-78
OS Command
|
CVE-2020-5626
|
2024-11-21 14:34 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202546
|
6.0 |
MEDIUM
Network
|
vmware
|
spring_cloud_task
|
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
|
CWE-89
SQL Injection
|
CVE-2020-5428
|
2024-11-21 14:34 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202547
|
7.2 |
HIGH
Network
|
vmware
|
spring_cloud_data_flow
|
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
|
CWE-89
SQL Injection
|
CVE-2020-5427
|
2024-11-21 14:34 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202548
|
7.5 |
HIGH
Network
|
nec
|
univerge_sv9500_firmware
univerge_sv8500_firmware
|
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature an…
|
CWE-287
Improper Authentication
|
CVE-2020-5686
|
2024-11-21 14:34 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202549
|
9.8 |
CRITICAL
Network
|
nec
|
univerge_sv9500_firmware
univerge_sv8500_firmware
|
UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted req…
|
CWE-78
OS Command
|
CVE-2020-5685
|
2024-11-21 14:34 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202550
|
9.8 |
CRITICAL
Network
|
nec
|
baseboard_management_controller
|
Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Control…
|
CWE-287
Improper Authentication
|
CVE-2020-5633
|
2024-11-21 14:34 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
