|
208461
|
8.1 |
HIGH
Network
|
flexdotnetcms_project
|
flexdotnetcms
|
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root.…
|
CWE-22
Path Traversal
|
CVE-2020-27385
|
2024-11-21 14:21 |
2020-11-13 |
|
208462
|
9.8 |
CRITICAL
Network
|
goodlayers
|
good_learning_management_system
|
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to…
|
CWE-89
SQL Injection
|
CVE-2020-27481
|
2024-11-21 14:21 |
2020-11-12 |
|
208463
|
7.1 |
HIGH
Adjacent
|
audi
|
mmi_multiplayer
|
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory con…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-27524
|
2024-11-21 14:21 |
2020-11-12 |
|
208464
|
7.5 |
HIGH
Network
|
mersive
|
solstice_pod_firmware
|
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authenticatio…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-27523
|
2024-11-21 14:21 |
2020-11-12 |
|
208465
|
6.5 |
MEDIUM
Adjacent
|
tcl
|
32s330_firmware 40s330_firmware 43s434_firmware 50s434_firmware 55s434_firmware 65s434_firmware 75s434_firmware
|
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to ar…
|
CWE-200
Information Exposure
|
CVE-2020-27403
|
2024-11-21 14:21 |
2020-11-11 |
|
208466
|
8.8 |
HIGH
Network
|
trendmicro
|
interscan_messaging_security_virtual_appliance
|
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may be vulnerable to attack.
|
NVD-CWE-noinfo
|
CVE-2020-27694
|
2024-11-21 14:21 |
2020-11-10 |
|
208467
|
4.4 |
MEDIUM
Local
|
trendmicro
|
interscan_messaging_security_virtual_appliance
|
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2020-27693
|
2024-11-21 14:21 |
2020-11-10 |
|
208468
|
7.5 |
HIGH
Network
|
synopsys
|
hub-rest-api-python
|
Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-27589
|
2024-11-21 14:21 |
2020-11-6 |
|
208469
|
6.5 |
MEDIUM
Network
|
qemu debian
|
qemu debian_linux
|
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
|
CWE-617
Reachable Assertion
|
CVE-2020-27617
|
2024-11-21 14:21 |
2020-11-6 |
|
208470
|
6.5 |
MEDIUM
Network
|
qemu
|
qemu
|
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
|
CWE-682
Incorrect Calculation
|
CVE-2020-27616
|
2024-11-21 14:21 |
2020-11-6 |