|
210631
|
7.5 |
HIGH
Network
|
frappe
|
frappe
|
In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
|
NVD-CWE-noinfo
|
CVE-2020-27508
|
2024-11-21 14:21 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210632
|
7.8 |
HIGH
Local
|
linux
redhat
netapp
|
linux_kernel
enterprise_linux
openshift_container_platform
enterprise_mrg
cloud_backup
solidfire_baseboard_management_controller
|
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.…
|
-
|
CVE-2020-27786
|
2024-11-21 14:21 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210633
|
7.8 |
HIGH
Local
|
jasper_project
fedoraproject
|
jasper
fedora
|
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data co…
|
-
|
CVE-2020-27828
|
2024-11-21 14:21 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210634
|
2.8 |
LOW
Local
|
debian
|
advanced_package_tool
|
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prio…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2020-27351
|
2024-11-21 14:21 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210635
|
5.7 |
MEDIUM
Local
|
debian
netapp
|
advanced_package_tool
solidfire_baseboard_management_controller_firmware
|
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfi…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-27350
|
2024-11-21 14:21 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210636
|
5.5 |
MEDIUM
Local
|
canonical
|
ubuntu_linux
|
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1…
|
CWE-862
Missing Authorization
|
CVE-2020-27349
|
2024-11-21 14:21 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210637
|
7.8 |
HIGH
Local
|
anydesk
|
anydesk
|
AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation.
|
CWE-20
Improper Input Validation
|
CVE-2020-27614
|
2024-11-21 14:21 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210638
|
6.0 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MM…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27821
|
2024-11-21 14:21 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210639
|
3.3 |
LOW
Local
|
imagemagick
debian
|
imagemagick
debian_linux
|
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of ty…
|
-
|
CVE-2020-27758
|
2024-11-21 14:21 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210640
|
3.3 |
LOW
Local
|
imagemagick
debian
|
imagemagick
debian_linux
|
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The fla…
|
-
|
CVE-2020-27757
|
2024-11-21 14:21 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
