|
199461
|
6.7 |
MEDIUM
Local
|
huawei
|
osd_firmware
|
Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vu…
|
NVD-CWE-noinfo
|
CVE-2020-9072
|
2024-11-21 14:39 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199462
|
5.5 |
MEDIUM
Local
|
juplink
|
rx4-1500_firmware
|
httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-8798
|
2024-11-21 14:39 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199463
|
6.7 |
MEDIUM
Local
|
juplink
|
rx4-1500_firmware
|
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled an…
|
CWE-78
OS Command
|
CVE-2020-8797
|
2024-11-21 14:39 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199464
|
4.7 |
MEDIUM
Local
|
canonical
apport_project
|
ubuntu_linux
apport
|
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this ca…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-8833
|
2024-11-21 14:39 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199465
|
5.5 |
MEDIUM
Local
|
canonical
apport_project
|
ubuntu_linux
apport
|
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs),…
|
CWE-59
Link Following
|
CVE-2020-8831
|
2024-11-21 14:39 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199466
|
7.5 |
HIGH
Network
|
opcfoundation
|
unified_architecture_.net-standard
|
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit …
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-8867
|
2024-11-21 14:39 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199467
|
7.8 |
HIGH
Local
|
google
|
earth
|
Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on t…
|
CWE-426
Untrusted Search Path
|
CVE-2020-8895
|
2024-11-21 14:39 |
2020-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199468
|
5.5 |
MEDIUM
Local
|
huawei
|
taurus-al00b_firmware
|
Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user …
|
CWE-287
Improper Authentication
|
CVE-2020-9070
|
2024-11-21 14:39 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199469
|
7.8 |
HIGH
Local
|
sierrawireless
|
mobile_broadband_driver_package
|
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged u…
|
CWE-59
Link Following
|
CVE-2020-8948
|
2024-11-21 14:39 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199470
|
8.8 |
HIGH
Network
|
wowza
|
streaming_engine
|
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-9004
|
2024-11-21 14:39 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
