|
210331
|
5.3 |
MEDIUM
Network
|
ortussolutions
|
testbox
|
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
|
CWE-22
Path Traversal
|
CVE-2020-15928
|
2024-11-21 14:06 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210332
|
6.1 |
MEDIUM
Local
|
pulseaudio_project
|
pulseaudio
|
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bl…
|
CWE-415
Double Free
|
CVE-2020-15710
|
2024-11-21 14:06 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210333
|
7.5 |
HIGH
Network
|
siemens
|
sinumerik_840d_sl_firmware
simatic_s7-300_cpu_312_firmware
simatic_s7-300_cpu_314_firmware
simatic_s7-300_cpu_315-2_dp_firmware
simatic_s7-300_cpu_315-2_pn_firmware
simatic_s7-300_cpu_…
|
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Se…
|
-
|
CVE-2020-15783
|
2024-11-21 14:06 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210334
|
5.5 |
MEDIUM
Local
|
freedesktop
|
accountsservice
|
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment f…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-16127
|
2024-11-21 14:06 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210335
|
3.3 |
LOW
Local
|
freedesktop
|
accountsservice
|
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to Accoun…
|
NVD-CWE-noinfo
|
CVE-2020-16126
|
2024-11-21 14:06 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210336
|
6.8 |
MEDIUM
Physics
|
gnome
|
gnome_display_manager
|
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could …
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-16125
|
2024-11-21 14:06 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210337
|
7.8 |
HIGH
Local
|
packagekit_project
canonical
|
packagekit
ubuntu_linux
|
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured Policy…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-16122
|
2024-11-21 14:06 |
2020-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210338
|
3.3 |
LOW
Local
|
packagekit_project
canonical
|
packagekit
ubuntu_linux
|
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-16121
|
2024-11-21 14:06 |
2020-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210339
|
7.8 |
HIGH
Local
|
canonical
|
ubuntu_linux
|
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15708
|
2024-11-21 14:06 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210340
|
9.0 |
CRITICAL
Network
|
immuta
|
immuta
|
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immut…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15952
|
2024-11-21 14:06 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
