|
216051
|
9.8 |
CRITICAL
Network
|
seowonintech
|
slc-130_firmware
slr-120s_firmware
slr-120s42g_firmware
slr-120d42g_firmware
slr-120t42g_firmware
|
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
|
CWE-78
OS Command
|
CVE-2020-17456
|
2024-11-21 14:08 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216052
|
7.5 |
HIGH
Network
|
megvii
|
koala_firmware
|
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-17475
|
2024-11-21 14:08 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216053
|
9.8 |
CRITICAL
Network
|
zkteco
|
zkbiosecurity_server
facedepot_7b_firmware
|
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-17474
|
2024-11-21 14:08 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216054
|
5.9 |
MEDIUM
Network
|
zkteco
|
zkbiosecurity_server
facedepot_7b_firmware
|
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-17473
|
2024-11-21 14:08 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216055
|
7.8 |
HIGH
Local
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-17462
|
2024-11-21 14:08 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216056
|
6.5 |
MEDIUM
Network
|
wireshark
fedoraproject
opensuse
oracle
|
wireshark
fedora
leap
zfs_storage_appliance_kit
|
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
|
CWE-415
Double Free
|
CVE-2020-17498
|
2024-11-21 14:08 |
2020-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216057
|
5.5 |
MEDIUM
Local
|
artifex
debian
canonical
|
ghostscript
debian_linux
ubuntu_linux
|
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Thi…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-17538
|
2024-11-21 14:08 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216058
|
6.1 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
PHP-Fusion 9.03 allows XSS on the preview page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17450
|
2024-11-21 14:08 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216059
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
PHP-Fusion 9.03 allows XSS via the error_log file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17449
|
2024-11-21 14:08 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216060
|
5.3 |
MEDIUM
Network
|
qt
debian
fedoraproject
|
qt
debian_linux
fedora
|
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-17507
|
2024-11-21 14:08 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
