|
211331
|
5.5 |
MEDIUM
Local
|
intel
|
graphics_drivers
|
Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.
|
NVD-CWE-Other
|
CVE-2020-24448
|
2024-11-21 14:14 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211332
|
6.5 |
MEDIUM
Adjacent
|
bluez
|
bluez
|
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
|
NVD-CWE-noinfo
|
CVE-2020-24490
|
2024-11-21 14:14 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211333
|
7.5 |
HIGH
Network
|
uip_project
|
uip
|
An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-24335
|
2024-11-21 14:14 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211334
|
8.8 |
HIGH
Network
|
easycms
|
easycms
|
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&passwo…
|
CWE-352
Origin Validation Error
|
CVE-2020-24271
|
2024-11-21 14:14 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211335
|
7.5 |
HIGH
Network
|
winmail_project
|
winmail
|
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacke…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-23776
|
2024-11-21 14:14 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211336
|
6.1 |
MEDIUM
Network
|
winmail_project
|
winmail
|
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23774
|
2024-11-21 14:14 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211337
|
8.8 |
HIGH
Network
|
openmaint
|
openmaint
|
openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-24549
|
2024-11-21 14:14 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211338
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-24085
|
2024-11-21 14:14 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211339
|
8.8 |
HIGH
Network
|
assaabloy
|
yale_wipc-303w_firmware
|
The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176
|
CWE-78
OS Command
|
CVE-2020-23826
|
2024-11-21 14:14 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211340
|
9.8 |
CRITICAL
Network
|
live555
|
liblivemedia
|
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24027
|
2024-11-21 14:14 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
