|
208421
|
5.5 |
MEDIUM
Local
|
imagemagick debian
|
imagemagick debian_linux
|
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of ty…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-27762
|
2024-11-21 14:21 |
2020-12-4 |
|
208422
|
3.3 |
LOW
Local
|
imagemagick debian
|
imagemagick debian_linux
|
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a cra…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-27761
|
2024-11-21 14:21 |
2020-12-4 |
|
208423
|
5.5 |
MEDIUM
Local
|
imagemagick debian
|
imagemagick debian_linux
|
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead …
|
CWE-369
Divide By Zero
|
CVE-2020-27760
|
2024-11-21 14:21 |
2020-12-4 |
|
208424
|
3.3 |
LOW
Local
|
imagemagick debian
|
imagemagick debian_linux
|
In IntensityCompare() of /MagickCore/quantize.c, a double value was being cast to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-27759
|
2024-11-21 14:21 |
2020-12-4 |
|
208425
|
6.1 |
MEDIUM
Network
|
elastic redhat
|
kibana openshift_container_platform
|
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana conso…
|
CWE-601
Open Redirect
|
CVE-2020-27816
|
2024-11-21 14:21 |
2020-12-2 |
|
208426
|
7.5 |
HIGH
Network
|
gorillatoolkit debian
|
websocket debian_linux
|
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server…
|
CWE-190 CWE-400
Integer Overflow or Wraparound Uncontrolled Resource Consumption
|
CVE-2020-27813
|
2024-11-21 14:21 |
2020-12-2 |
|
208427
|
6.7 |
MEDIUM
Local
|
quickheal
|
total_security
|
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.
|
CWE-521
Weak Password Requirements
|
CVE-2020-27587
|
2024-11-21 14:21 |
2020-12-1 |
|
208428
|
5.9 |
MEDIUM
Network
|
quickheal
|
total_security
|
Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-27586
|
2024-11-21 14:21 |
2020-12-1 |
|
208429
|
4.4 |
MEDIUM
Local
|
quickheal
|
total_security
|
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive antivirus settings via a brute-force attack on the settings password.
|
CWE-521
Weak Password Requirements
|
CVE-2020-27585
|
2024-11-21 14:21 |
2020-12-1 |
|
208430
|
9.8 |
CRITICAL
Network
|
synology
|
safeaccess
|
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
|
CWE-89
SQL Injection
|
CVE-2020-27660
|
2024-11-21 14:21 |
2020-11-30 |