| 211081 | 7.2 | HIGH Network | mi | ax3600_firmware | There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | CWE-77 Command Injection | CVE-2020-14109 | 2024-11-21 14:02 | 2021-09-16 |
| 211082 | 7.5 | HIGH Network | apache | zeppelin | Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin versio… | NVD-CWE-noinfo | CVE-2020-13929 | 2024-11-21 14:02 | 2021-09-3 |
| 211083 | 6.1 | MEDIUM Network | thecodingmachine | gotenberg | It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint. | CWE-79 Cross-site Scripting | CVE-2020-14161 | 2024-11-21 14:02 | 2021-08-26 |
| 211084 | 7.5 | HIGH Network | thecodingmachine | gotenberg | An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-14160 | 2024-11-21 14:02 | 2021-08-26 |
| 211085 | 9.8 | CRITICAL Network | asrock | box-r1000_firmware | ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM. | CWE-269 Improper Privilege Management | CVE-2020-14032 | 2024-11-21 14:02 | 2021-07-23 |
| 211086 | 7.5 | HIGH Network | apache debian fedoraproject oracle | http_server debian_linux fedora instantis_enterprisetrack enterprise_manager_ops_center zfs_storage_appliance_kit | Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, le… | CWE-476 NULL Pointer Dereference | CVE-2020-13950 | 2024-11-21 14:02 | 2021-06-10 |
| 211087 | 5.5 | MEDIUM Local | apache mcafee netapp | http_server epolicy_orchestrator cloud_backup | Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | CWE-862 Missing Authorization | CVE-2020-13938 | 2024-11-21 14:02 | 2021-06-10 |
| 211088 | 5.5 | MEDIUM Local | redhat | wildfly jboss_enterprise_application_platform | It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An atta… | - | CVE-2020-14317 | 2024-11-21 14:02 | 2021-06-2 |
| 211089 | 6.5 | MEDIUM Network | redhat netapp | libvirt enterprise_linux enterprise_linux_tus enterprise_linux_eus enterprise_linux_server_aus enterprise_linux_server_update_services_for_sap_solutions enterprise_linux_for_power_l… | An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows… | - | CVE-2020-14301 | 2024-11-21 14:02 | 2021-05-28 |
| 211090 | 9.8 | CRITICAL Network | codologic | codoforum | A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-rese… | CWE-89 SQL Injection | CVE-2020-13873 | 2024-11-21 14:02 | 2021-05-12 |