|
208511
|
5.3 |
MEDIUM
Local
|
xen
fedoraproject
debian
|
xen
fedora
debian_linux
|
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27674
|
2024-11-21 14:21 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208512
|
5.5 |
MEDIUM
Local
|
linux
debian
opensuse
xen
|
linux_kernel
debian_linux
leap
xen
|
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e995…
|
NVD-CWE-noinfo
|
CVE-2020-27673
|
2024-11-21 14:21 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208513
|
7.0 |
HIGH
Local
|
xen
fedoraproject
opensuse
debian
|
xen
fedora
leap
debian_linux
|
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition tha…
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2020-27672
|
2024-11-21 14:21 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208514
|
7.8 |
HIGH
Local
|
xen
opensuse
debian
fedoraproject
|
xen
leap
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing…
|
NVD-CWE-noinfo
|
CVE-2020-27671
|
2024-11-21 14:21 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208515
|
7.8 |
HIGH
Local
|
xen
opensuse
fedoraproject
debian
|
xen
leap
fedora
debian_linux
|
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-tabl…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-27670
|
2024-11-21 14:21 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208516
|
5.4 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27666
|
2024-11-21 14:21 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208517
|
7.5 |
HIGH
Network
|
strapi
|
strapi
|
In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-27665
|
2024-11-21 14:21 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208518
|
9.8 |
CRITICAL
Network
|
strapi
|
strapi
|
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.
|
NVD-CWE-noinfo
|
CVE-2020-27664
|
2024-11-21 14:21 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208519
|
5.4 |
MEDIUM
Network
|
dedecms
|
dedecms
|
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web p…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27533
|
2024-11-21 14:21 |
2020-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208520
|
6.5 |
MEDIUM
Network
|
biscom
|
secure_file_transfer
|
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.
|
NVD-CWE-noinfo
|
CVE-2020-27646
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
