|
209561
|
6.5 |
MEDIUM
Network
|
qemu
|
qemu
|
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
|
CWE-682
Incorrect Calculation
|
CVE-2020-27616
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209562
|
7.8 |
HIGH
Local
|
tmux_project
|
tmux
|
In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27347
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209563
|
7.5 |
HIGH
Network
|
robware
|
rvtools
|
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method f…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-27688
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209564
|
7.8 |
HIGH
Local
|
hindotech
|
hk1_box_s905x3_firmware
|
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.
|
NVD-CWE-noinfo
|
CVE-2020-27402
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209565
|
8.8 |
HIGH
Network
|
horizontcms_project
|
horizontcms
|
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PH…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-27387
|
2024-11-21 14:21 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209566
|
8.8 |
HIGH
Network
|
imomobile
|
verve_connect_vh510_firmware
|
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the T…
|
CWE-352
Origin Validation Error
|
CVE-2020-27692
|
2024-11-21 14:21 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209567
|
6.1 |
MEDIUM
Network
|
imomobile
|
verve_connect_vh510_firmware
|
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27691
|
2024-11-21 14:21 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209568
|
5.5 |
MEDIUM
Local
|
imomobile
|
verve_connect_vh510_firmware
|
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-27690
|
2024-11-21 14:21 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209569
|
9.8 |
CRITICAL
Network
|
imomobile
|
verve_connect_vh510_firmware
|
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulner…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-27689
|
2024-11-21 14:21 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209570
|
7.8 |
HIGH
Local
|
ea
|
origin
|
A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-27708
|
2024-11-21 14:21 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
