|
210141
|
7.8 |
HIGH
Local
|
exim
|
exim
|
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input s…
|
CWE-269
Improper Privilege Management
|
CVE-2020-28008
|
2024-11-21 14:22 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210142
|
7.8 |
HIGH
Local
|
exim
|
exim
|
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting crit…
|
CWE-59
Link Following
|
CVE-2020-28007
|
2024-11-21 14:22 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210143
|
5.4 |
MEDIUM
Network
|
online_discussion_forum_project
|
online_discussion_forum
|
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28141
|
2024-11-21 14:22 |
2021-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210144
|
8.1 |
HIGH
Network
|
cosori
|
cs158-af_firmware
|
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker…
|
NVD-CWE-Other
|
CVE-2020-28593
|
2024-11-21 14:22 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210145
|
9.8 |
CRITICAL
Network
|
cosori
|
cs158-af_firmware
|
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28592
|
2024-11-21 14:22 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210146
|
5.4 |
MEDIUM
Network
|
lavalite
|
lavalite
|
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28124
|
2024-11-21 14:22 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210147
|
6.5 |
MEDIUM
Network
|
slic3r
|
libslic3r
|
An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-28590
|
2024-11-21 14:22 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210148
|
7.8 |
HIGH
Local
|
apple
|
mac_os_x
macos
|
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27952
|
2024-11-21 14:22 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210149
|
7.8 |
HIGH
Local
|
apple
|
ipados
iphone_os
watchos
|
This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy vi…
|
NVD-CWE-noinfo
|
CVE-2020-27951
|
2024-11-21 14:22 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210150
|
5.5 |
MEDIUM
Local
|
apple
|
mac_os_x
macos
|
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicio…
|
NVD-CWE-noinfo
|
CVE-2020-27949
|
2024-11-21 14:22 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
