|
210211
|
8.8 |
HIGH
Network
|
fork-cms
|
fork_cms
|
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-24036
|
2024-11-21 14:14 |
2021-03-04 |
|
210212
|
6.7 |
MEDIUM
Local
|
tpm2_software_stack_project fedoraproject
|
tpm2_software_stack fedora
|
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.…
|
CWE-909
Missing Initialization of Resource
|
CVE-2020-24455
|
2024-11-21 14:14 |
2021-02-26 |
|
210213
|
7.8 |
HIGH
Local
|
yz1
|
yz1
|
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filena…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24175
|
2024-11-21 14:14 |
2021-02-23 |
|
210214
|
5.9 |
MEDIUM
Network
|
tweetstream_project
|
tweetstream
|
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24393
|
2024-11-21 14:14 |
2021-02-20 |
|
210215
|
5.9 |
MEDIUM
Network
|
twitter-stream_project
|
twitter-stream
|
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
|
CWE-295
Improper Certificate Validation
|
CVE-2020-24392
|
2024-11-21 14:14 |
2021-02-20 |
|
210216
|
4.4 |
MEDIUM
Local
|
intel
|
ethernet_network_adapter_700_firmware
|
Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local acce…
|
CWE-20
Improper Input Validation
|
CVE-2020-24505
|
2024-11-21 14:14 |
2021-02-17 |
|
210217
|
5.5 |
MEDIUM
Local
|
intel
|
ethernet_network_adapter_e810_firmware
|
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local acces…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-24504
|
2024-11-21 14:14 |
2021-02-17 |
|
210218
|
5.5 |
MEDIUM
Local
|
intel
|
ethernet_network_adapter_e810_firmware
|
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.
|
NVD-CWE-noinfo
|
CVE-2020-24503
|
2024-11-21 14:14 |
2021-02-17 |
|
210219
|
5.5 |
MEDIUM
Local
|
intel
|
ethernet_network_adapter_e810_firmware
|
Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable…
|
CWE-20
Improper Input Validation
|
CVE-2020-24502
|
2024-11-21 14:14 |
2021-02-17 |
|
210220
|
6.5 |
MEDIUM
Adjacent
|
intel
|
ethernet_network_adapter_e810_firmware
|
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-24501
|
2024-11-21 14:14 |
2021-02-17 |
|