|
214241
|
7.8 |
HIGH
Local
|
asus
|
device_activation
|
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a part…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-10649
|
2024-11-21 13:55 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214242
|
5.4 |
MEDIUM
Network
|
wpforms
|
contact_form
|
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10385
|
2024-11-21 13:55 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214243
|
7.1 |
HIGH
Local
|
redhat
debian
fedoraproject
|
openstack
ansible_tower
ansible
debian_linux
fedora
|
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable wh…
|
CWE-862
Missing Authorization
|
CVE-2020-10684
|
2024-11-21 13:55 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214244
|
6.1 |
MEDIUM
Physics
|
telegram
|
telegram
|
The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This…
|
NVD-CWE-noinfo
|
CVE-2020-10570
|
2024-11-21 13:55 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214245
|
7.5 |
HIGH
Network
|
mikrotik
|
routeros
|
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write syste…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-10364
|
2024-11-21 13:55 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214246
|
9.1 |
CRITICAL
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3…
|
NVD-CWE-noinfo
|
CVE-2020-10661
|
2024-11-21 13:55 |
2020-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214247
|
5.3 |
MEDIUM
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-10660
|
2024-11-21 13:55 |
2020-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214248
|
7.5 |
HIGH
Network
|
torproject
opensuse
|
tor
leap
backports_sle
|
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_c…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-10593
|
2024-11-21 13:55 |
2020-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214249
|
7.5 |
HIGH
Network
|
torproject
opensuse
|
tor
leap
backports
|
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
|
NVD-CWE-noinfo
|
CVE-2020-10592
|
2024-11-21 13:55 |
2020-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214250
|
6.5 |
MEDIUM
Network
|
tesla
|
model_3_web_interface
|
The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer…
|
NVD-CWE-noinfo
|
CVE-2020-10558
|
2024-11-21 13:55 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
