|
209131
|
4.7 |
MEDIUM
Local
|
linux
fedoraproject
oracle
|
linux_kernel
fedora
communications_cloud_native_core_binding_support_function
communications_cloud_native_core_policy
communications_cloud_native_core_network_exposure_function
|
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o…
|
-
|
CVE-2020-27820
|
2024-11-21 14:21 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209132
|
5.4 |
MEDIUM
Network
|
dynpg
|
dynpg
|
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27406
|
2024-11-21 14:21 |
2021-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209133
|
9.8 |
CRITICAL
Network
|
civetweb_project
siemens
|
civetweb
sinec_infrastructure_network_services
|
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request A…
|
CWE-22
Path Traversal
|
CVE-2020-27304
|
2024-11-21 14:21 |
2021-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209134
|
9.8 |
CRITICAL
Network
|
brandy_project
|
brandy
|
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-27372
|
2024-11-21 14:21 |
2021-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209135
|
7.8 |
HIGH
Local
|
rconfig
|
rconfig
|
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file.
|
CWE-862
Missing Authorization
|
CVE-2020-27466
|
2024-11-21 14:21 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209136
|
7.8 |
HIGH
Local
|
rconfig
|
rconfig
|
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file.
|
CWE-862
Missing Authorization
|
CVE-2020-27464
|
2024-11-21 14:21 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209137
|
8.8 |
HIGH
Network
|
seopanel
|
seopanel
|
A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Impo…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-27461
|
2024-11-21 14:21 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209138
|
6.5 |
MEDIUM
Network
|
bookingcore
|
booking_core
|
Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This res…
|
CWE-352
Origin Validation Error
|
CVE-2020-27379
|
2024-11-21 14:21 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209139
|
8.8 |
HIGH
Network
|
akkadianlabs
|
akkadian_provisioning_manager
|
An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges.
|
CWE-863
Incorrect Authorization
|
CVE-2020-27362
|
2024-11-21 14:21 |
2021-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209140
|
7.5 |
HIGH
Network
|
akkadianlabs
|
akkadian_provisioning_manager
|
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-27361
|
2024-11-21 14:21 |
2021-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
