|
212261
|
5.5 |
MEDIUM
Local
|
linux
canonical
opensuse
|
linux_kernel
ubuntu_linux
leap
|
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: Thi…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-12656
|
2024-11-21 14:00 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212262
|
7.8 |
HIGH
Local
|
beyondtrust
|
privilege_management_for_windows
|
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate …
|
NVD-CWE-noinfo
|
CVE-2020-12614
|
2024-11-21 13:59 |
2023-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212263
|
7.8 |
HIGH
Local
|
beyondtrust
|
privilege_management_for_windows
|
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning…
|
NVD-CWE-noinfo
|
CVE-2020-12615
|
2024-11-21 13:59 |
2023-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212264
|
7.8 |
HIGH
Local
|
beyondtrust
|
privilege_management_for_windows
|
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefor…
|
NVD-CWE-noinfo
|
CVE-2020-12612
|
2024-11-21 13:59 |
2023-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212265
|
8.8 |
HIGH
Network
|
beyondtrust
|
privilege_management_for_windows
|
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). Whe…
|
NVD-CWE-noinfo
|
CVE-2020-12613
|
2024-11-21 13:59 |
2023-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212266
|
5.9 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
|
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-12413
|
2024-11-21 13:59 |
2023-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212267
|
7.8 |
HIGH
Local
|
pilz
codesys
festo
wago
|
pmc
control_for_beaglebone
control_for_empc-a\/imx6
control_for_iot2000
control_for_pfc100
control_for_pfc200
control_for_plcnext
control_for_raspberry_pi
hmi_v3
control_v3…
|
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can…
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2020-12069
|
2024-11-21 13:59 |
2022-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212268
|
7.5 |
HIGH
Network
|
pilz
|
pmc
|
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2020-12067
|
2024-11-21 13:59 |
2022-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212269
|
7.5 |
HIGH
Network
|
badgermeter
|
moni\
|
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module.
|
-
|
CVE-2020-12508
|
2024-11-21 13:59 |
2022-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212270
|
8.8 |
HIGH
Network
|
badgermeter
|
moni\
|
In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS.
|
-
|
CVE-2020-12507
|
2024-11-21 13:59 |
2022-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
