|
209861
|
7.8 |
HIGH
Local
|
360totalsecurity
|
360_total_security
|
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could e…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-15722
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209862
|
7.5 |
HIGH
Network
|
bitwarden
|
server
|
Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8,…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-15879
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209863
|
8.8 |
HIGH
Network
|
librenms
|
librenms
|
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
|
NVD-CWE-noinfo
|
CVE-2020-15877
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209864
|
6.5 |
MEDIUM
Network
|
librenms
|
librenms
|
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
|
CWE-89
SQL Injection
|
CVE-2020-15873
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209865
|
3.3 |
LOW
Local
|
qemu
debian
|
qemu
debian_linux
|
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
|
CWE-416
Use After Free
|
CVE-2020-15859
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209866
|
9.8 |
CRITICAL
Network
|
mruby
debian
|
mruby
debian_linux
|
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-15866
|
2024-11-21 14:06 |
2020-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209867
|
7.8 |
HIGH
Local
|
linux
xen
netapp
|
linux_kernel
xen
cloud_backup
steelstore_cloud_integrated_storage
solidfire_baseboard_management_controller
|
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs b…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-15852
|
2024-11-21 14:06 |
2020-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209868
|
8.1 |
HIGH
Network
|
liferay
|
liferay_portal
dxp
|
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serial…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-15842
|
2024-11-21 14:06 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209869
|
8.8 |
HIGH
Network
|
liferay
|
liferay_portal
dxp
|
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attacke…
|
NVD-CWE-noinfo
|
CVE-2020-15841
|
2024-11-21 14:06 |
2020-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209870
|
8.8 |
HIGH
Network
|
westerndigital
|
wd_discovery
|
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection …
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-15816
|
2024-11-21 14:06 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
