|
211651
|
8.8 |
HIGH
Network
|
dd-wrt
|
dd-wrt
|
An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation…
|
CWE-78
OS Command
|
CVE-2020-13976
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211652
|
7.8 |
HIGH
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-13974
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211653
|
6.1 |
MEDIUM
Network
|
owasp
|
json-sanitizer
|
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as Ja…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13973
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211654
|
6.1 |
MEDIUM
Network
|
roundcube
debian
fedoraproject
|
webmail
debian_linux
fedora
|
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13965
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211655
|
6.1 |
MEDIUM
Network
|
roundcube
fedoraproject
debian
|
webmail
fedora
debian_linux
|
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13964
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211656
|
7.5 |
HIGH
Network
|
mumble
qt
fedoraproject
opensuse
|
mumble
qt
fedora
leap
|
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors le…
|
NVD-CWE-noinfo
|
CVE-2020-13962
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211657
|
7.5 |
HIGH
Network
|
dlink
|
dsl-2730u_firmware
dir-600m_firmware
|
D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (a…
|
NVD-CWE-noinfo
|
CVE-2020-13960
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211658
|
7.8 |
HIGH
Local
|
citrix
|
workspace_app
|
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13885
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211659
|
7.8 |
HIGH
Local
|
citrix
|
workspace_app
|
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13884
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211660
|
7.8 |
HIGH
Local
|
qbik
|
wingate
|
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-13866
|
2024-11-21 14:02 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
