|
209231
|
5.5 |
MEDIUM
Local
|
uclouvain fedoraproject oracle debian
|
openjpeg fedora outside_in_technology debian_linux
|
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. Th…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-27843
|
2024-11-21 14:21 |
2021-01-06 |
|
209232
|
5.5 |
MEDIUM
Local
|
uclouvain fedoraproject debian redhat oracle
|
openjpeg fedora extra_packages_for_enterprise_linux debian_linux enterprise_linux enterprise_linux_for_power_little_endian enterprise_linux_for_ibm_z_systems codeready_linux_buil…
|
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest im…
|
-
|
CVE-2020-27842
|
2024-11-21 14:21 |
2021-01-06 |
|
209233
|
5.5 |
MEDIUM
Local
|
uclouvain fedoraproject debian oracle
|
openjpeg fedora debian_linux outside_in_technology
|
There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bo…
|
-
|
CVE-2020-27841
|
2024-11-21 14:21 |
2021-01-06 |
|
209234
|
5.3 |
MEDIUM
Network
|
docker
|
docker
|
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.T…
|
CWE-22
Path Traversal
|
CVE-2020-27534
|
2024-11-21 14:21 |
2020-12-31 |
|
209235
|
8.8 |
HIGH
Network
|
dotcms
|
dotcms
|
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sani…
|
CWE-89
SQL Injection
|
CVE-2020-27848
|
2024-11-21 14:21 |
2020-12-31 |
|
209236
|
8.8 |
HIGH
Network
|
1e
|
client
|
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-27645
|
2024-11-21 14:21 |
2020-12-30 |
|
209237
|
8.8 |
HIGH
Network
|
1e
|
client
|
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-27644
|
2024-11-21 14:21 |
2020-12-30 |
|
209238
|
6.5 |
MEDIUM
Network
|
1e
|
client
|
The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not …
|
CWE-59
Link Following
|
CVE-2020-27643
|
2024-11-21 14:21 |
2020-12-30 |
|
209239
|
6.4 |
MEDIUM
Physical
|
gnome
|
gnome_display_manager
|
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessin…
|
-
|
CVE-2020-27837
|
2024-11-21 14:21 |
2020-12-29 |
|
209240
|
6.1 |
MEDIUM
Network
|
techkshetrainfo
|
savsoft_quiz
|
A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27515
|
2024-11-21 14:21 |
2020-12-26 |