|
209521
|
9.8 |
CRITICAL
Network
|
synology
|
safeaccess
|
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
|
CWE-89
SQL Injection
|
CVE-2020-27660
|
2024-11-21 14:21 |
2020-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209522
|
4.8 |
MEDIUM
Network
|
synology
|
safeaccess
|
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27659
|
2024-11-21 14:21 |
2020-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209523
|
3.7 |
LOW
Network
|
schedmd
debian
|
slurm
debian_linux
|
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /pro…
|
CWE-362
Race Condition
|
CVE-2020-27746
|
2024-11-21 14:21 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209524
|
9.8 |
CRITICAL
Network
|
schedmd
debian
|
slurm
debian_linux
|
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-27745
|
2024-11-21 14:21 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209525
|
4.3 |
MEDIUM
Network
|
glpi-project
|
glpi
|
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-27663
|
2024-11-21 14:21 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209526
|
4.3 |
MEDIUM
Network
|
glpi-project
|
glpi
|
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-27662
|
2024-11-21 14:21 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209527
|
7.8 |
HIGH
Local
|
trendmicro
|
antivirus\+_security_2020
internet_security_2020
maximum_security_2020
premium_security_2020
|
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink att…
|
CWE-59
Link Following
|
CVE-2020-27697
|
2024-11-21 14:21 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209528
|
7.8 |
HIGH
Local
|
trendmicro
|
antivirus\+_security_2020
internet_security_2020
maximum_security_2020
premium_security_2020
|
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrativ…
|
NVD-CWE-noinfo
|
CVE-2020-27696
|
2024-11-21 14:21 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209529
|
7.8 |
HIGH
Local
|
trendmicro
|
antivirus\+_security_2020
internet_security_2020
maximum_security_2020
premium_security_2020
|
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrati…
|
CWE-426
Untrusted Search Path
|
CVE-2020-27695
|
2024-11-21 14:21 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209530
|
6.5 |
MEDIUM
Network
|
basetech
|
ge-131_bt-1837836_firmware
|
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.
|
CWE-287
Improper Authentication
|
CVE-2020-27558
|
2024-11-21 14:21 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
