|
210571
|
5.5 |
MEDIUM
Local
|
openexr
fedoraproject
opensuse
|
openexr
fedora
leap
|
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by …
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-15304
|
2024-11-21 14:05 |
2020-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210572
|
7.5 |
HIGH
Network
|
argent
|
recoverymanager
|
In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-15302
|
2024-11-21 14:05 |
2020-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210573
|
7.5 |
HIGH
Network
|
acronis
|
agent
|
A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data.
|
NVD-CWE-noinfo
|
CVE-2020-14999
|
2024-11-21 14:04 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210574
|
5.3 |
MEDIUM
Network
|
openvpn
|
openvpn_access_server
|
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be us…
|
CWE-287
Improper Authentication
|
CVE-2020-15077
|
2024-11-21 14:04 |
2021-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210575
|
7.8 |
HIGH
Local
|
openvpn
|
private_tunnel
|
Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp.
|
CWE-59
Link Following
|
CVE-2020-15076
|
2024-11-21 14:04 |
2021-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210576
|
9.8 |
CRITICAL
Network
|
ampache
|
ampache
|
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and t…
|
-
|
CVE-2020-15153
|
2024-11-21 14:04 |
2021-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210577
|
7.5 |
HIGH
Network
|
openvpn
fedoraproject
canonical
debian
|
openvpn
fedora
ubuntu_linux
debian_linux
|
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentia…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15078
|
2024-11-21 14:04 |
2021-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210578
|
7.1 |
HIGH
Local
|
openvpn
|
connect
|
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
|
CWE-59
Link Following
|
CVE-2020-15075
|
2024-11-21 14:04 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210579
|
6.5 |
MEDIUM
Network
|
bloomreach
|
experience_manager
|
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.
|
CWE-352
Origin Validation Error
|
CVE-2020-14989
|
2024-11-21 14:04 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210580
|
5.4 |
MEDIUM
Network
|
bloomreach
|
experience_manager
|
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML ele…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14988
|
2024-11-21 14:04 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
