|
209071
|
5.9 |
MEDIUM
Network
|
zkteco
|
zkbiosecurity_server facedepot_7b_firmware
|
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-17473
|
2024-11-21 14:08 |
2020-08-15 |
|
209072
|
7.8 |
HIGH
Local
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-17462
|
2024-11-21 14:08 |
2020-08-15 |
|
209073
|
6.5 |
MEDIUM
Network
|
wireshark fedoraproject opensuse oracle
|
wireshark fedora leap zfs_storage_appliance_kit
|
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
|
CWE-415
Double Free
|
CVE-2020-17498
|
2024-11-21 14:08 |
2020-08-14 |
|
209074
|
5.5 |
MEDIUM
Local
|
artifex debian canonical
|
ghostscript debian_linux ubuntu_linux
|
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Thi…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-17538
|
2024-11-21 14:08 |
2020-08-13 |
|
209075
|
6.1 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
PHP-Fusion 9.03 allows XSS on the preview page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17450
|
2024-11-21 14:08 |
2020-08-13 |
|
209076
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
PHP-Fusion 9.03 allows XSS via the error_log file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17449
|
2024-11-21 14:08 |
2020-08-13 |
|
209077
|
5.3 |
MEDIUM
Network
|
qt debian fedoraproject
|
qt debian_linux fedora
|
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-17507
|
2024-11-21 14:08 |
2020-08-13 |
|
209078
|
9.8 |
CRITICAL
Network
|
articatech
|
web_proxy
|
Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
|
CWE-89
SQL Injection
|
CVE-2020-17506
|
2024-11-21 14:08 |
2020-08-13 |
|
209079
|
8.8 |
HIGH
Network
|
articatech
|
web_proxy
|
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_…
|
CWE-78
OS Command
|
CVE-2020-17505
|
2024-11-21 14:08 |
2020-08-13 |
|
209080
|
8.1 |
HIGH
Adjacent
|
intel
|
inet_wireless_daemon
|
eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4.
|
NVD-CWE-noinfo
|
CVE-2020-17497
|
2024-11-21 14:08 |
2020-08-13 |