|
209661
|
3.6 |
LOW
Local
|
bitdefender
|
engines
|
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-…
|
CWE-20
Improper Input Validation
|
CVE-2020-15731
|
2024-11-21 14:06 |
2020-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209662
|
7.3 |
HIGH
Local
|
actfax
|
actfax
|
ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Ins…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-15843
|
2024-11-21 14:06 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209663
|
9.8 |
CRITICAL
Network
|
nakivo
|
backup_\&_replication_transporter
|
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a netw…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15851
|
2024-11-21 14:06 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209664
|
7.8 |
HIGH
Local
|
nakivo
|
backup_\&_replication_director
|
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-15850
|
2024-11-21 14:06 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209665
|
6.1 |
MEDIUM
Network
|
joplin_project
|
joplin
|
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15930
|
2024-11-21 14:06 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209666
|
5.3 |
MEDIUM
Network
|
liferay
|
dxp
liferay_portal
|
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
|
NVD-CWE-noinfo
|
CVE-2020-15840
|
2024-11-21 14:06 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209667
|
7.2 |
HIGH
Network
|
telmat
|
accesslog_firmware
educ\@box_firmware
git\@box_firmware
|
The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.
|
CWE-78
OS Command
|
CVE-2020-16148
|
2024-11-21 14:06 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209668
|
9.8 |
CRITICAL
Network
|
telmat
|
accesslog_firmware
educ\@box_firmware
git\@box_firmware
|
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.
|
CWE-78
OS Command
|
CVE-2020-16147
|
2024-11-21 14:06 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209669
|
6.5 |
MEDIUM
Network
|
liferay
|
liferay_portal
digital_experience_platform
|
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-15839
|
2024-11-21 14:06 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209670
|
7.8 |
HIGH
Local
|
advantech
|
webaccess
|
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
|
-
|
CVE-2020-16202
|
2024-11-21 14:06 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
