|
196501
|
9.8 |
CRITICAL
Network
|
citrix
|
gateway_plug-in
|
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks
|
CWE-269
Improper Privilege Management
|
CVE-2020-8257
|
2024-11-21 14:38 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196502
|
7.5 |
HIGH
Network
|
haxx
siemens
debian
oracle
splunk
|
libcurl
sinec_infrastructure_network_services
debian_linux
communications_cloud_native_core_policy
universal_forwarder
|
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
|
CWE-416
Use After Free
|
CVE-2020-8231
|
2024-11-21 14:38 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196503
|
7.8 |
HIGH
Local
|
haxx
debian
fujitsu
siemens
splunk
|
curl
debian_linux
m10-1_firmware
m10-4_firmware
m10-4s_firmware
m12-1_firmware
m12-2_firmware
m12-2s_firmware
sinec_infrastructure_network_services
universal_forwarder
|
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
|
CWE-74
Injection
|
CVE-2020-8177
|
2024-11-21 14:38 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196504
|
7.5 |
HIGH
Network
|
haxx
siemens
debian
splunk
|
curl
simatic_tim_1531_irc_firmware
debian_linux
sinec_infrastructure_network_services
universal_forwarder
|
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
|
CWE-200
Information Exposure
|
CVE-2020-8169
|
2024-11-21 14:38 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196505
|
7.8 |
HIGH
Local
|
kia
|
head_unit_firmware
|
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-8539
|
2024-11-21 14:38 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196506
|
7.8 |
HIGH
Local
|
lenovo
|
pcmanager
|
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
|
CWE-269
Improper Privilege Management
|
CVE-2020-8351
|
2024-11-21 14:38 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196507
|
6.5 |
MEDIUM
Network
|
mongodb
|
ops_manager
|
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 version…
|
NVD-CWE-noinfo
|
CVE-2020-7927
|
2024-11-21 14:38 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196508
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4…
|
NVD-CWE-Other
|
CVE-2020-7928
|
2024-11-21 14:38 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196509
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoD…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-7926
|
2024-11-21 14:38 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196510
|
7.5 |
HIGH
Network
|
mongodb
|
mongodb
|
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service…
|
CWE-20
Improper Input Validation
|
CVE-2020-7925
|
2024-11-21 14:38 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
