|
196951
|
7.0 |
HIGH
Local
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine.
|
CWE-362
Race Condition
|
CVE-2020-5835
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196952
|
5.3 |
MEDIUM
Network
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory.
|
CWE-22
Path Traversal
|
CVE-2020-5834
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196953
|
3.3 |
LOW
Local
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of t…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-5833
|
2024-11-21 14:34 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196954
|
7.8 |
HIGH
Local
|
jalinfotec
|
pallet_control
|
Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows authenticated attackers to execute arbitrary code with the SYSTEM privilege on the computer where PALLET CONTROL is installed via…
|
NVD-CWE-noinfo
|
CVE-2020-5538
|
2024-11-21 14:34 |
2020-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196955
|
7.2 |
HIGH
Network
|
plex
|
media_server
|
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-5741
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196956
|
5.4 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5751
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196957
|
6.1 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5750
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196958
|
5.4 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5749
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196959
|
6.1 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5748
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196960
|
5.4 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5747
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
