|
210631
|
7.8 |
HIGH
Local
|
iobit
|
iobit_unlocker
|
The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124.
|
NVD-CWE-noinfo
|
CVE-2020-14975
|
2024-11-21 14:04 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210632
|
7.1 |
HIGH
Local
|
iobit
|
iobit_unlocker
|
The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124.
|
NVD-CWE-noinfo
|
CVE-2020-14974
|
2024-11-21 14:04 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210633
|
7.8 |
HIGH
Local
|
pi-hole
|
pi-hole
|
Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an…
|
CWE-862
Missing Authorization
|
CVE-2020-14971
|
2024-11-21 14:04 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210634
|
4.8 |
MEDIUM
Network
|
tp-link
|
tl-wr740n_firmware
tl-wr740nd_firmware
|
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control s…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14965
|
2024-11-21 14:04 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210635
|
9.8 |
CRITICAL
Network
|
draytek
|
vigor300b_firmware
vigor2960_firmware
vigor3900_firmware
|
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authu…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14993
|
2024-11-21 14:04 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210636
|
7.5 |
HIGH
Network
|
herac
|
tuxguitar
|
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files.
|
CWE-611
XXE
|
CVE-2020-14940
|
2024-11-21 14:04 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210637
|
7.8 |
HIGH
Local
|
freedroid
|
freedroidrpg
|
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, l…
|
CWE-20
Improper Input Validation
|
CVE-2020-14939
|
2024-11-21 14:04 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210638
|
9.8 |
CRITICAL
Network
|
freedroid
|
freedroidrpg
|
An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size ve…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14938
|
2024-11-21 14:04 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210639
|
4.3 |
MEDIUM
Network
|
globalradar
|
bsa_radar
|
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, …
|
CWE-22
Path Traversal
|
CVE-2020-14946
|
2024-11-21 14:04 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210640
|
8.8 |
HIGH
Network
|
globalradar
|
bsa_radar
|
A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator ri…
|
NVD-CWE-noinfo
|
CVE-2020-14945
|
2024-11-21 14:04 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
