| 208151 | 5.5 | MEDIUM Local | linux | linux_kernel | An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. | CWE-681 Incorrect Conversion between Numeric Types | CVE-2020-27194 | 2024-11-21 14:20 | 2020-10-17 |
| 208152 | 7.5 | HIGH Network | apereo | central_authentication_service | Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. | NVD-CWE-noinfo | CVE-2020-27178 | 2024-11-21 14:20 | 2020-10-17 |
| 208153 | 5.4 | MEDIUM Network | testimonial_rotator_project | testimonial_rotator | Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will … | CWE-79 Cross-site Scripting | CVE-2020-26672 | 2024-11-21 14:20 | 2020-10-17 |
| 208154 | 9.8 | CRITICAL Network | aptean | product_configurator | An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited… | CWE-89 SQL Injection | CVE-2020-26944 | 2024-11-21 14:20 | 2020-10-16 |
| 208155 | 8.8 | HIGH Network | libass_project | libass | In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. | CWE-190 Integer Overflow or Wraparound | CVE-2020-26682 | 2024-11-21 14:20 | 2020-10-16 |
| 208156 | 7.8 | HIGH Local | clamxav | clamxav | An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper to… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2020-26893 | 2024-11-21 14:20 | 2020-10-16 |
| 208157 | 9.9 | CRITICAL Network | openstack | blazar-dashboard | An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the us… | NVD-CWE-noinfo | CVE-2020-26943 | 2024-11-21 14:20 | 2020-10-16 |
| 208158 | 9.6 | CRITICAL Network | marktext | marktext | Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the d… | CWE-79 Cross-site Scripting | CVE-2020-27176 | 2024-11-21 14:20 | 2020-10-16 |
| 208159 | 7.5 | HIGH Network | amazon | firecracker | In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memo… | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2020-27174 | 2024-11-21 14:20 | 2020-10-16 |
| 208160 | 7.5 | HIGH Network | vm-superio_project | vm-superio | In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest … | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2020-27173 | 2024-11-21 14:20 | 2020-10-16 |