|
212451
|
9.8 |
CRITICAL
Network
|
ivanti
|
service_manager_heat_remote_control
desktop\&server_management
|
Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a speci…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-12441
|
2024-11-21 13:59 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212452
|
7.5 |
HIGH
Network
|
flexera
|
flexnet_publisher
|
An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the syste…
|
NVD-CWE-noinfo
|
CVE-2020-12081
|
2024-11-21 13:59 |
2020-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212453
|
7.8 |
HIGH
Local
|
pi-hole
|
pi-hole
|
Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address).
|
CWE-78
OS Command
|
CVE-2020-12620
|
2024-11-21 13:59 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212454
|
9.8 |
CRITICAL
Network
|
trusteddomain
fedoraproject
debian
|
opendmarc
fedora
debian_linux
|
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a spe…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12460
|
2024-11-21 13:59 |
2020-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212455
|
6.8 |
MEDIUM
Adjacent
|
espressif
|
esp8266_nonos_sdk
esp8266_rtos_sdk
esp-idf
|
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frame…
|
CWE-287
CWE-319
Improper Authentication
Cleartext Transmission of Sensitive Information
|
CVE-2020-12638
|
2024-11-21 13:59 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212456
|
7.3 |
HIGH
Local
|
phoenixcontact
|
plcnext_engineer
|
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.
|
CWE-22
Path Traversal
|
CVE-2020-12499
|
2024-11-21 13:59 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212457
|
6.1 |
MEDIUM
Network
|
collaboraoffice
|
collabora_online_development_edition
|
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead …
|
CWE-79
Cross-site Scripting
|
CVE-2020-12432
|
2024-11-21 13:59 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212458
|
7.8 |
HIGH
Local
|
rockwellautomation
|
factorytalk_view
|
In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing fo…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12031
|
2024-11-21 13:59 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212459
|
8.1 |
HIGH
Network
|
rockwellautomation
|
factorytalk_view
|
In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12028
|
2024-11-21 13:59 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212460
|
4.3 |
MEDIUM
Network
|
rockwellautomation
|
factorytalk_view
|
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaiss…
|
NVD-CWE-noinfo
|
CVE-2020-12027
|
2024-11-21 13:59 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
