|
209351
|
7.4 |
HIGH
Network
|
panorama_project
|
nhiservisignadapter
|
Multiple functions of NHIServiSignAdapter fail to verify the user's file path, which allows the SMB request to be redirected to a malicious host, resulting in leakage of the user's credentials.
|
CWE-601
Open Redirect
|
CVE-2020-25845
|
2024-11-21 14:18 |
2020-12-31 |
|
|
|
|
209352
|
9.8 |
CRITICAL
Network
|
panorama
|
nhiservisignadapter
|
The digest generation function of NHIServiSignAdapter does not verify the length of its parameter, which leads to a stack overflow vulnerability. Remote attackers can use the flaw to execute code without…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-25844
|
2024-11-21 14:18 |
2020-12-31 |
|
|
|
|
209353
|
9.8 |
CRITICAL
Network
|
panorama
|
nhiservisignadapter
|
NHIServiSignAdapter fails to verify the length of the digital credential file's path, which leads to a heap overflow vulnerability. Remote attackers can use the flaw to execute code without privilege.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-25843
|
2024-11-21 14:18 |
2020-12-31 |
|
|
|
|
209354
|
7.5 |
HIGH
Network
|
panorama
|
nhiservisignadapter
|
The encryption function of NHIServiSignAdapter fails to verify the file path input by users. A remote attacker can access arbitrary files through the flaw without privilege.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-25842
|
2024-11-21 14:18 |
2020-12-31 |
|
|
|
|
209355
|
8.8 |
HIGH
Network
|
qnap
|
quts_hero, qts
|
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS …
|
CWE-77
Command Injection
|
CVE-2020-25847
|
2024-11-21 14:18 |
2020-12-29 |
|
|
|
|
209356
|
7.8 |
HIGH
Local
|
3ds
|
teamwork_cloud
|
An incorrect permission assignment in the installation script of TeamworkCloud 18.0 through 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-25507
|
2024-11-21 14:18 |
2020-12-29 |
|
|
|
|
209357
|
8.8 |
HIGH
Network
|
stratodesk
|
notouch_center
|
Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operatio…
|
CWE-669, CWE-862
Incorrect Resource Transfer Between Spheres; Missing Authorization
|
CVE-2020-25917
|
2024-11-21 14:18 |
2020-12-26 |
|
|
|
|
209358
|
6.6 |
MEDIUM
Network
|
pengutronix
|
rauc
|
The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the fi…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-25860
|
2024-11-21 14:18 |
2020-12-22 |
|
|
|
|
209359
|
6.1 |
MEDIUM
Network
|
spiceworks
|
spiceworks
|
Host header injection in Spiceworks 7.5.7.0 allows an attacker to render arbitrary links that point to a malicious website in webpages served with a poisoned Host header.
|
CWE-601
Open Redirect
|
CVE-2020-25901
|
2024-11-21 14:18 |
2020-12-19 |
|
|
|
|
209360
|
6.1 |
MEDIUM
Network
|
xinuos
|
openserver
|
A reflected cross-site scripting (XSS) vulnerability in Xinuos (formerly SCO) OpenServer versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tags via the 'section' parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25495
|
2024-11-21 14:18 |
2020-12-19 |
|
|
|