|
210261
|
9.8 |
CRITICAL
Network
|
draytek
|
vigor3900_firmware vigor2960_firmware vigor300b_firmware
|
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-pytho…
|
CWE-78
OS Command
|
CVE-2020-15415
|
2024-11-21 14:05 |
2020-06-30 |
|
210262
|
4.3 |
MEDIUM
Network
|
misp
|
misp
|
An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
|
CWE-862
Missing Authorization
|
CVE-2020-15412
|
2024-11-21 14:05 |
2020-06-30 |
|
210263
|
9.8 |
CRITICAL
Network
|
misp
|
misp
|
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
|
NVD-CWE-noinfo
|
CVE-2020-15411
|
2024-11-21 14:05 |
2020-06-30 |
|
210264
|
4.4 |
MEDIUM
Local
|
iobit
|
malware_fighter
|
IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.
|
CWE-59
Link Following
|
CVE-2020-15401
|
2024-11-21 14:05 |
2020-06-30 |
|
210265
|
4.3 |
MEDIUM
Network
|
cakefoundation
|
cakephp
|
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
|
CWE-352 CWE-79
Origin Validation Error Cross-site Scripting
|
CVE-2020-15400
|
2024-11-21 14:05 |
2020-06-30 |
|
210266
|
7.8 |
HIGH
Local
|
hylafax\+_project ifax
|
hylafax\+ hylafax_enterprise
|
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uuc…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15397
|
2024-11-21 14:05 |
2020-06-30 |
|
210267
|
7.8 |
HIGH
Local
|
hylafax\+_project ifax fedoraproject opensuse
|
hylafax\+ hylafax_enterprise fedora leap backports_sle
|
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to…
|
CWE-362
Race Condition
|
CVE-2020-15396
|
2024-11-21 14:05 |
2020-06-30 |
|
210268
|
7.8 |
HIGH
Local
|
mediaarea fedoraproject
|
mediainfo fedora
|
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).
|
CWE-125
Out-of-bounds Read
|
CVE-2020-15395
|
2024-11-21 14:05 |
2020-06-30 |
|
210269
|
5.5 |
MEDIUM
Local
|
linux debian opensuse canonical
|
linux_kernel debian_linux leap ubuntu_linux
|
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-15393
|
2024-11-21 14:05 |
2020-06-30 |
|
210270
|
6.5 |
MEDIUM
Network
|
uclouvain debian oracle
|
openjpeg debian_linux outside_in_technology
|
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a dou…
|
CWE-416
Use After Free
|
CVE-2020-15389
|
2024-11-21 14:05 |
2020-06-30 |