|
208251
|
6.5 |
MEDIUM
Network
|
bookingcore
|
booking_core
|
Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This res…
|
CWE-352
Origin Validation Error
|
CVE-2020-27379
|
2024-11-21 14:21 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208252
|
8.8 |
HIGH
Network
|
akkadianlabs
|
akkadian_provisioning_manager
|
An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges.
|
CWE-863
Incorrect Authorization
|
CVE-2020-27362
|
2024-11-21 14:21 |
2021-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208253
|
7.5 |
HIGH
Network
|
akkadianlabs
|
akkadian_provisioning_manager
|
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-27361
|
2024-11-21 14:21 |
2021-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208254
|
7.5 |
HIGH
Network
|
prototypejs
|
prototype
|
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.
|
NVD-CWE-noinfo
|
CVE-2020-27511
|
2024-11-21 14:21 |
2021-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208255
|
6.7 |
MEDIUM
Local
|
insyde
siemens
|
insydeh2o
ruggedcom_apr1808_firmware
simatic_field_pg_m5_firmware
simatic_field_pg_m6_firmware
simatic_ipc127e_firmware
simatic_ipc227g_firmware
simatic_ipc277g_firmware
simatic_…
|
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. T…
|
CWE-20
Improper Input Validation
|
CVE-2020-27339
|
2024-11-21 14:21 |
2021-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208256
|
7.8 |
HIGH
Local
|
blizzard
|
battle.net
|
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of hi…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-27383
|
2024-11-21 14:21 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208257
|
7.8 |
HIGH
Local
|
arena
|
guild_wars_2
|
The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-27384
|
2024-11-21 14:21 |
2021-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208258
|
8.0 |
HIGH
Adjacent
|
realtek
|
rtl8710c_firmware
rtl8195a_firmware
|
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK"…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27302
|
2024-11-21 14:21 |
2021-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208259
|
8.0 |
HIGH
Adjacent
|
realtek
|
rtl8710c_firmware
rtl8195a_firmware
|
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27301
|
2024-11-21 14:21 |
2021-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208260
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on t…
|
CWE-369
Divide By Zero
|
CVE-2020-27661
|
2024-11-21 14:21 |
2021-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
