|
197461
|
5.5 |
MEDIUM
Local
|
canonical
apport_project
|
ubuntu_linux
apport
|
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs),…
|
CWE-59
Link Following
|
CVE-2020-8831
|
2024-11-21 14:39 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197462
|
7.5 |
HIGH
Network
|
opcfoundation
|
unified_architecture_.net-standard
|
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit …
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-8867
|
2024-11-21 14:39 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197463
|
7.8 |
HIGH
Local
|
google
|
earth
|
Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on t…
|
CWE-426
Untrusted Search Path
|
CVE-2020-8895
|
2024-11-21 14:39 |
2020-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197464
|
5.5 |
MEDIUM
Local
|
huawei
|
taurus-al00b_firmware
|
Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user …
|
CWE-287
Improper Authentication
|
CVE-2020-9070
|
2024-11-21 14:39 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197465
|
7.8 |
HIGH
Local
|
sierrawireless
|
mobile_broadband_driver_package
|
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged u…
|
CWE-59
Link Following
|
CVE-2020-8948
|
2024-11-21 14:39 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197466
|
8.8 |
HIGH
Network
|
wowza
|
streaming_engine
|
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-9004
|
2024-11-21 14:39 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197467
|
5.4 |
MEDIUM
Network
|
periscopeholdings
|
buyspeed
|
Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript i…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9056
|
2024-11-21 14:39 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197468
|
9.8 |
CRITICAL
Network
|
avira
|
free_antivirus
|
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to tu…
|
NVD-CWE-noinfo
|
CVE-2020-8961
|
2024-11-21 14:39 |
2020-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197469
|
8.8 |
HIGH
Network
|
argoproj
|
argo_cd
|
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privil…
|
CWE-287
CWE-1188
Improper Authentication
Insecure Default Initialization of Resource
|
CVE-2020-8828
|
2024-11-21 14:39 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197470
|
7.5 |
HIGH
Network
|
argoproj
|
argo_cd
|
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authenti…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-8827
|
2024-11-21 14:39 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
