|
209821
|
9.8 |
CRITICAL
Network
|
openbsd
|
openbsd
|
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
|
CWE-287
Improper Authentication
|
CVE-2020-16088
|
2024-11-21 14:06 |
2020-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209822
|
6.5 |
MEDIUM
Network
|
kde
debian
|
kmail
debian_linux
|
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-15954
|
2024-11-21 14:06 |
2020-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209823
|
7.4 |
HIGH
Network
|
libetpan_project
libmailcore
fedoraproject
debian
|
libetpan
mailcore2
fedora
debian_linux
|
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the clien…
|
CWE-74
Injection
|
CVE-2020-15953
|
2024-11-21 14:06 |
2020-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209824
|
5.5 |
MEDIUM
Local
|
lua
|
lua
|
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the f…
|
NVD-CWE-Other
|
CVE-2020-15945
|
2024-11-21 14:06 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209825
|
8.8 |
HIGH
Network
|
overwolf
|
overwolf
|
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.
|
CWE-59
Link Following
|
CVE-2020-15932
|
2024-11-21 14:06 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209826
|
9.9 |
CRITICAL
Network
|
parallels
|
remote_application_server
|
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system t…
|
NVD-CWE-Other
|
CVE-2020-15860
|
2024-11-21 14:06 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209827
|
7.8 |
HIGH
Local
|
openbsd
netapp
broadcom
|
openssh
a700s_firmware
steelstore_cloud_integrated_storage
active_iq_unified_manager
solidfire
hci_management_node
hci_storage_node
hci_compute_node
fabric_operating_system
|
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that t…
|
CWE-78
OS Command
|
CVE-2020-15778
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209828
|
7.5 |
HIGH
Network
|
midasolutions
|
eframework
|
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
|
CWE-89
SQL Injection
|
CVE-2020-15924
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209829
|
7.5 |
HIGH
Network
|
midasolutions
|
eframework
|
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
|
CWE-22
Path Traversal
|
CVE-2020-15923
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209830
|
9.8 |
CRITICAL
Network
|
midasolutions
|
eframework
|
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
|
CWE-78
OS Command
|
CVE-2020-15922
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
