|
214041
|
5.4 |
MEDIUM
Network
|
ipear_project
|
ipear
|
In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing an…
|
CWE-77
Command Injection
|
CVE-2020-11084
|
2024-11-21 13:56 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214042
|
4.8 |
MEDIUM
Network
|
octobercms
|
october
|
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11083
|
2024-11-21 13:56 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214043
|
6.1 |
MEDIUM
Network
|
tenda
|
ac15_firmware
|
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10989
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214044
|
9.8 |
CRITICAL
Network
|
tenda
|
ac15_firmware
|
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-10988
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214045
|
9.8 |
CRITICAL
Network
|
tenda
|
ac15_firmware
|
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
|
CWE-78
OS Command
|
CVE-2020-10987
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214046
|
6.5 |
MEDIUM
Network
|
tenda
|
ac15_firmware
|
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacke…
|
CWE-352
Origin Validation Error
|
CVE-2020-10986
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214047
|
7.4 |
HIGH
Network
|
bareos
debian
|
bareos
debian_linux
|
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initi…
|
-
|
CVE-2020-11061
|
2024-11-21 13:56 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214048
|
8.2 |
HIGH
Local
|
linuxfoundation
|
osquery
|
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll…
|
-
|
CVE-2020-11081
|
2024-11-21 13:56 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214049
|
6.5 |
MEDIUM
Local
|
libslirp_project
redhat
canonical
debian
opensuse
|
libslirp
enterprise_linux
openstack
ubuntu_linux
debian_linux
leap
|
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo reques…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-10756
|
2024-11-21 13:56 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214050
|
6.5 |
MEDIUM
Network
|
samba
canonical
opensuse
fedoraproject
|
samba
ubuntu_linux
leap
fedora
|
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.
|
CWE-416
Use After Free
|
CVE-2020-10760
|
2024-11-21 13:56 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
