|
212551
|
8.8 |
HIGH
Network
|
apache
|
superset
|
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary …
|
NVD-CWE-noinfo
|
CVE-2020-13948
|
2024-11-21 14:02 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212552
|
8.8 |
HIGH
Network
|
istio-operator_project
|
istio-operator
|
An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cl…
|
CWE-862
Missing Authorization
|
CVE-2020-14306
|
2024-11-21 14:02 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212553
|
6.1 |
MEDIUM
Network
|
apache
|
atlas
|
Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13928
|
2024-11-21 14:02 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212554
|
9.8 |
CRITICAL
Network
|
daemonology
|
bsdiff
|
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the san…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14315
|
2024-11-21 14:02 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212555
|
5.5 |
MEDIUM
Local
|
linux
debian
canonical
starwindsoftware
|
linux_kernel
debian_linux
ubuntu_linux
starwind_virtual_san
|
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to…
|
-
|
CVE-2020-14314
|
2024-11-21 14:02 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212556
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the k…
|
-
|
CVE-2020-14304
|
2024-11-21 14:02 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212557
|
9.8 |
CRITICAL
Network
|
mi
|
r3600_firmware
|
In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.
|
CWE-77
Command Injection
|
CVE-2020-14100
|
2024-11-21 14:02 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212558
|
9.8 |
CRITICAL
Network
|
mi
|
xiaomi_ai_speaker_firmware
|
Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-14096
|
2024-11-21 14:02 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212559
|
7.5 |
HIGH
Network
|
bitcoin
|
bitcoin_core
|
Bitcoin Core 0.20.0 allows remote denial of service.
|
NVD-CWE-noinfo
|
CVE-2020-14198
|
2024-11-21 14:02 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212560
|
5.9 |
MEDIUM
Network
|
apache
oracle
debian
|
activemq
flexcube_private_banking
communications_diameter_signaling_router
debian_linux
|
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and ca…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-13920
|
2024-11-21 14:02 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
