|
208051
|
7.5 |
HIGH
Network
|
prototypejs
|
prototype
|
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.
|
NVD-CWE-noinfo
|
CVE-2020-27511
|
2024-11-21 14:21 |
2021-06-22 |
|
208052
|
6.7 |
MEDIUM
Local
|
insyde siemens
|
insydeh2o ruggedcom_apr1808_firmware simatic_field_pg_m5_firmware simatic_field_pg_m6_firmware simatic_ipc127e_firmware simatic_ipc227g_firmware simatic_ipc277g_firmware simatic_…
|
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. T…
|
CWE-20
Improper Input Validation
|
CVE-2020-27339
|
2024-11-21 14:21 |
2021-06-17 |
|
208053
|
7.8 |
HIGH
Local
|
blizzard
|
battle.net
|
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of hi…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-27383
|
2024-11-21 14:21 |
2021-06-10 |
|
208054
|
7.8 |
HIGH
Local
|
arena
|
guild_wars_2
|
The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-27384
|
2024-11-21 14:21 |
2021-06-10 |
|
208055
|
8.0 |
HIGH
Adjacent
|
realtek
|
rtl8710c_firmware rtl8195a_firmware
|
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK"…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27302
|
2024-11-21 14:21 |
2021-06-04 |
|
208056
|
8.0 |
HIGH
Adjacent
|
realtek
|
rtl8710c_firmware rtl8195a_firmware
|
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27301
|
2024-11-21 14:21 |
2021-06-04 |
|
208057
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on t…
|
CWE-369
Divide By Zero
|
CVE-2020-27661
|
2024-11-21 14:21 |
2021-06-03 |
|
208058
|
4.8 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27377
|
2024-11-21 14:21 |
2021-06-02 |
|
208059
|
6.5 |
MEDIUM
Network
|
freedesktop
|
xdg-utils
|
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderb…
|
-
|
CVE-2020-27748
|
2024-11-21 14:21 |
2021-06-01 |
|
208060
|
9.8 |
CRITICAL
Network
|
linuxfoundation
|
dex
|
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest th…
|
-
|
CVE-2020-27847
|
2024-11-21 14:21 |
2021-05-28 |