|
208891
|
7.5 |
HIGH
Network
|
amazon
|
firecracker
|
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memo…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-27174
|
2024-11-21 14:20 |
2020-10-16 |
|
208892
|
7.5 |
HIGH
Network
|
vm-superio_project
|
vm-superio
|
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-27173
|
2024-11-21 14:20 |
2020-10-16 |
|
208893
|
6.1 |
MEDIUM
Network
|
phpredisadmin_project
|
phpredisadmin
|
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27163
|
2024-11-21 14:20 |
2020-10-16 |
|
208894
|
6.1 |
MEDIUM
Network
|
sagedpw
|
sage_dpw
|
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking …
|
CWE-79
Cross-site Scripting
|
CVE-2020-26584
|
2024-11-21 14:20 |
2020-10-16 |
|
208895
|
6.1 |
MEDIUM
Network
|
sagedpw
|
sage_dpw
|
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26583
|
2024-11-21 14:20 |
2020-10-16 |
|
208896
|
8.1 |
HIGH
Network
|
veritas
|
aptare
|
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-27157
|
2024-11-21 14:20 |
2020-10-15 |
|
208897
|
9.8 |
CRITICAL
Network
|
veritas
|
aptare
|
Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user.
|
CWE-863
Incorrect Authorization
|
CVE-2020-27156
|
2024-11-21 14:20 |
2020-10-15 |
|
208898
|
8.6 |
HIGH
Network
|
bluez debian opensuse
|
bluez debian_linux leap
|
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during servic…
|
CWE-415
Double Free
|
CVE-2020-27153
|
2024-11-21 14:20 |
2020-10-15 |
|
208899
|
4.4 |
MEDIUM
Local
|
trendmicro
|
antivirus
|
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and writt…
|
NVD-CWE-noinfo
|
CVE-2020-27013
|
2024-11-21 14:20 |
2020-10-15 |
|
208900
|
7.5 |
HIGH
Network
|
evolutionscript
|
helpdeskz
|
An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no l…
|
CWE-89
SQL Injection
|
CVE-2020-26546
|
2024-11-21 14:20 |
2020-10-13 |