|
210341
|
8.1 |
HIGH
Network
|
terra-master
|
tos
|
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS
|
NVD-CWE-noinfo
|
CVE-2020-29189
|
2024-11-21 14:23 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210342
|
7.1 |
HIGH
Local
|
malwarebytes
|
malwarebytes
endpoint_protection
|
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.
|
CWE-59
Link Following
|
CVE-2020-28641
|
2024-11-21 14:23 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210343
|
8.8 |
HIGH
Network
|
odoo
|
odoo
|
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leadi…
|
NVD-CWE-noinfo
|
CVE-2020-29396
|
2024-11-21 14:23 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210344
|
6.5 |
MEDIUM
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.…
|
CWE-611
XXE
|
CVE-2020-29436
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210345
|
8.8 |
HIGH
Network
|
epson
|
eps_tse_server_8_firmware
|
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by…
|
CWE-352
Origin Validation Error
|
CVE-2020-28931
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210346
|
5.4 |
MEDIUM
Network
|
epson
|
eps_tse_server_8_firmware
|
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaSc…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28930
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210347
|
9.8 |
CRITICAL
Network
|
epson
|
eps_tse_server_8_firmware
|
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenan…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-28929
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210348
|
7.5 |
HIGH
Network
|
p11-kit_project
debian
oracle
|
p11-kit
debian_linux
communications_cloud_native_core_policy
|
An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29363
|
2024-11-21 14:23 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210349
|
5.3 |
MEDIUM
Network
|
p11-kit_project
|
p11-kit
|
An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-29362
|
2024-11-21 14:23 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210350
|
7.5 |
HIGH
Network
|
p11-kit_project
debian
|
p11-kit
debian_linux
|
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-29361
|
2024-11-21 14:23 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
