|
216021
|
7.5 |
HIGH
Network
|
inductiveautomation
|
ignition_gateway
|
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted dat…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-12000
|
2024-11-21 13:59 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216022
|
5.5 |
MEDIUM
Local
|
freedesktop
canonical
|
dbus
ubuntu_linux
|
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A loca…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2020-12049
|
2024-11-21 13:59 |
2020-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216023
|
9.8 |
CRITICAL
Network
|
apache
|
unomi
|
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java proces…
|
NVD-CWE-noinfo
|
CVE-2020-11975
|
2024-11-21 13:59 |
2020-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216024
|
7.5 |
HIGH
Network
|
fastecdsa_project
|
fastecdsa
|
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-12607
|
2024-11-21 13:59 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216025
|
9.8 |
CRITICAL
Network
|
ge
|
rt430_firmware
rt431_firmware
rt434_firmware
|
GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12017
|
2024-11-21 13:59 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216026
|
7.5 |
HIGH
Network
|
openbsd
|
openssh
|
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbit…
|
CWE-20
Improper Input Validation
|
CVE-2020-12062
|
2024-11-21 13:59 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216027
|
10.0 |
CRITICAL
Network
|
swarco
|
cpu_ls4000_firmware
|
An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vul…
|
NVD-CWE-Other
|
CVE-2020-12493
|
2024-11-21 13:59 |
2020-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216028
|
5.5 |
MEDIUM
Local
|
mozilla
canonical
|
thunderbird
firefox
firefox_esr
ubuntu_linux
|
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and past…
|
CWE-22
Path Traversal
|
CVE-2020-12392
|
2024-11-21 13:59 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216029
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opa…
|
CWE-863
Incorrect Authorization
|
CVE-2020-12391
|
2024-11-21 13:59 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216030
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-12390
|
2024-11-21 13:59 |
2020-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
