|
197681
|
8.0 |
HIGH
Network
|
nextcloud
|
deck
|
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-8182
|
2024-11-21 14:38 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197682
|
7.5 |
HIGH
Network
|
bitdefender
|
engines
|
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized me…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-8110
|
2024-11-21 14:38 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197683
|
7.5 |
HIGH
Network
|
bitdefender
|
engines
|
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-8109
|
2024-11-21 14:38 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197684
|
4.9 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
connect_secure
|
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Enti…
|
CWE-611
XXE
|
CVE-2020-8256
|
2024-11-21 14:38 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197685
|
7.2 |
HIGH
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
pulse_policy_secure
policy_secure
connect_secure
|
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
|
CWE-94
Code Injection
|
CVE-2020-8243
|
2024-11-21 14:38 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197686
|
6.1 |
MEDIUM
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
pulse_policy_secure
policy_secure
connect_secure
|
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).
|
CWE-79
Cross-site Scripting
|
CVE-2020-8238
|
2024-11-21 14:38 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197687
|
6.1 |
MEDIUM
Network
|
lenovo
|
enterprise_network_disk
|
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8348
|
2024-11-21 14:38 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197688
|
6.1 |
MEDIUM
Network
|
lenovo
|
enterprise_network_disk
|
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user'…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8347
|
2024-11-21 14:38 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197689
|
7.8 |
HIGH
Local
|
lenovo
|
63_firmware
h50-30g_firmware
m4500_firmware
m4550_firmware
qitian_4500_firmware
qitian_b4550_firmware
qitian_m4550_firmware
thinkcentre_e73_firmware
thinkcentre_e73s_firmware<…
|
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution
|
NVD-CWE-noinfo
|
CVE-2020-8333
|
2024-11-21 14:38 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197690
|
7.5 |
HIGH
Network
|
citrix
|
xenmobile_server
|
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 lea…
|
CWE-287
Improper Authentication
|
CVE-2020-8253
|
2024-11-21 14:38 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
