|
210911
|
8.8 |
HIGH
Network
|
advantech
|
webaccess
|
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10607
|
2024-11-21 13:55 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210912
|
6.5 |
MEDIUM
Network
|
sun
|
ehrd
|
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality an…
|
CWE-863
Incorrect Authorization
|
CVE-2020-10510
|
2024-11-21 13:55 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210913
|
6.1 |
MEDIUM
Network
|
sun
|
ehrd
|
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10509
|
2024-11-21 13:55 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210914
|
7.5 |
HIGH
Network
|
sun
|
ehrd
|
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
|
NVD-CWE-noinfo
|
CVE-2020-10508
|
2024-11-21 13:55 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210915
|
9.8 |
CRITICAL
Network
|
codesys
|
control_for_plcnext
control_for_beaglebone
control_for_empc-a\/imx6
control_for_iot2000
control_for_linux
control_for_pfc100
control_for_pfc200
control_for_raspberry_pi
contro…
|
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10245
|
2024-11-21 13:55 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210916
|
7.8 |
HIGH
Local
|
asus
|
device_activation
|
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a part…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-10649
|
2024-11-21 13:55 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210917
|
5.4 |
MEDIUM
Network
|
wpforms
|
contact_form
|
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10385
|
2024-11-21 13:55 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210918
|
7.1 |
HIGH
Local
|
redhat
debian
fedoraproject
|
openstack
ansible_tower
ansible
debian_linux
fedora
|
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable wh…
|
CWE-862
Missing Authorization
|
CVE-2020-10684
|
2024-11-21 13:55 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210919
|
6.1 |
MEDIUM
Physics
|
telegram
|
telegram
|
The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This…
|
NVD-CWE-noinfo
|
CVE-2020-10570
|
2024-11-21 13:55 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210920
|
7.5 |
HIGH
Network
|
mikrotik
|
routeros
|
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write syste…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-10364
|
2024-11-21 13:55 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
