|
210471
|
9.8 |
CRITICAL
Network
|
redlion
|
n-tron_702-w_firmware
n-tron_702m12-w_firmware
|
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all vers…
|
-
|
CVE-2020-16204
|
2024-11-21 14:06 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210472
|
5.5 |
MEDIUM
Local
|
canonical
|
ppp
|
The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment v…
|
CWE-20
Improper Input Validation
|
CVE-2020-15704
|
2024-11-21 14:06 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210473
|
7.5 |
HIGH
Network
|
linuxfoundation
|
acrn
|
Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/…
|
NVD-CWE-Other
|
CVE-2020-15687
|
2024-11-21 14:06 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210474
|
3.5 |
LOW
Adjacent
|
mercedes-benz
|
comand
|
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-16142
|
2024-11-21 14:06 |
2020-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210475
|
5.4 |
MEDIUM
Network
|
osticket
|
osticket
|
osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
|
CWE-79
Cross-site Scripting
|
CVE-2020-16193
|
2024-11-21 14:06 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210476
|
4.3 |
MEDIUM
Network
|
octopus
|
server
octopus_server
|
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentia…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-16197
|
2024-11-21 14:06 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210477
|
7.8 |
HIGH
Local
|
gradle
|
maven
|
An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-15777
|
2024-11-21 14:06 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210478
|
6.4 |
MEDIUM
Physics
|
thalesgroup
|
bgs5_firmware
ehs5_firmware
ehs8_firmware
ehs6_firmware
pds5_firmware
pds6_firmware
els61_firmware
els81_firmware
pls62_firmware
|
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be…
|
CWE-22
Path Traversal
|
CVE-2020-15858
|
2024-11-21 14:06 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210479
|
7.8 |
HIGH
Local
|
net-snmp
canonical
netapp
|
net-snmp
ubuntu_linux
cloud_backup
smi-s_provider
solidfire
hci_management_node
|
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
|
CWE-269
Improper Privilege Management
|
CVE-2020-15862
|
2024-11-21 14:06 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210480
|
7.8 |
HIGH
Local
|
net-snmp
canonical
netapp
|
net-snmp
ubuntu_linux
cloud_backup
smi-s_provider
solidfire_\&_hci_management_node
|
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
|
CWE-59
Link Following
|
CVE-2020-15861
|
2024-11-21 14:06 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
