|
210241
|
7.8 |
HIGH
Local
|
gog
|
galaxy
|
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak fil…
|
CWE-667
CWE-732
Improper Locking
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15529
|
2024-11-21 14:05 |
2020-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210242
|
7.8 |
HIGH
Local
|
gog
|
galaxy
|
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity che…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15528
|
2024-11-21 14:05 |
2020-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210243
|
7.8 |
HIGH
Local
|
python
netapp
|
python
snapcenter
|
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native appl…
|
CWE-427
CWE-908
Uncontrolled Search Path Element
Use of Uninitialized Resource
|
CVE-2020-15523
|
2024-11-21 14:05 |
2020-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210244
|
8.8 |
HIGH
Network
|
veeam
|
veeam_availability_suite
veeam_backup_\&_replication
|
VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O req…
|
CWE-862
Missing Authorization
|
CVE-2020-15518
|
2024-11-21 14:05 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210245
|
2.3 |
LOW
Local
|
qemu
debian
|
qemu
debian_linux
|
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-15469
|
2024-11-21 14:05 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210246
|
7.5 |
HIGH
Network
|
libraw
fedoraproject
debian
|
libraw
fedora
debian_linux
|
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed…
|
CWE-20
Improper Input Validation
|
CVE-2020-15503
|
2024-11-21 14:05 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210247
|
7.5 |
HIGH
Network
|
duckduckgo
|
duckduckgo
|
The DuckDuckGo application through 5.58.0 for Android, and through 7.47.1.0 for iOS, sends hostnames of visited web sites within HTTPS .ico requests to servers in the duckduckgo.com domain, which mig…
|
CWE-200
Information Exposure
|
CVE-2020-15502
|
2024-11-21 14:05 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210248
|
6.1 |
MEDIUM
Network
|
tileserver
|
tileservergl
|
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflect…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15500
|
2024-11-21 14:05 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210249
|
9.8 |
CRITICAL
Network
|
wavlink
|
wl-wn530hg4_firmware
|
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The …
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-15490
|
2024-11-21 14:05 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210250
|
9.8 |
CRITICAL
Network
|
wavlink
|
wl-wn530hg4_firmware
|
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root pri…
|
CWE-78
OS Command
|
CVE-2020-15489
|
2024-11-21 14:05 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
