|
212621
|
9.8 |
CRITICAL
Network
|
inetsoftware
|
i-net_clear_reports
|
XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a we…
|
CWE-611
XXE
|
CVE-2020-12684
|
2024-11-21 14:00 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212622
|
4.6 |
MEDIUM
Physics
|
yubico
|
libykpiv
piv_tool_manager
yubikey_smart_card_minidriver
|
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. Thi…
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2020-13132
|
2024-11-21 14:00 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212623
|
4.3 |
MEDIUM
Physics
|
yubico
|
libykpiv
piv_tool_manager
yubikey_smart_card_minidriver
|
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13131
|
2024-11-21 14:00 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212624
|
9.8 |
CRITICAL
Network
|
protocol
|
gossipsub
|
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
|
NVD-CWE-noinfo
|
CVE-2020-12821
|
2024-11-21 14:00 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212625
|
7.2 |
HIGH
Network
|
code42
|
code42
|
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the…
|
CWE-74
Injection
|
CVE-2020-12736
|
2024-11-21 14:00 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212626
|
8.8 |
HIGH
Network
|
obdev
|
little_snitch
|
Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code execut…
|
CWE-59
Link Following
|
CVE-2020-13095
|
2024-11-21 14:00 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212627
|
7.3 |
HIGH
Local
|
boolebox
|
boolebox
|
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-13247
|
2024-11-21 14:00 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212628
|
5.4 |
MEDIUM
Network
|
boolebox
|
boolebox
|
BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13248
|
2024-11-21 14:00 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212629
|
5.7 |
MEDIUM
Adjacent
|
sane-project
canonical
opensuse
|
sane_backends
ubuntu_linux
leap
|
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-12866
|
2024-11-21 14:00 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212630
|
8.0 |
HIGH
Adjacent
|
sane-project
debian
canonical
opensuse
|
sane_backends
debian_linux
ubuntu_linux
leap
|
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12865
|
2024-11-21 14:00 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
