|
209801
|
4.8 |
MEDIUM
Network
|
gnu
fedoraproject
netapp
|
glibc
fedora
e-series_santricity_os_controller
|
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, …
|
CWE-617
Reachable Assertion
|
CVE-2020-29562
|
2024-11-21 14:24 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209802
|
5.5 |
MEDIUM
Local
|
boom-core
|
risvc-boom
|
An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a reservation in the case where a load translates successfully but still generates an exception.
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-29561
|
2024-11-21 14:24 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209803
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimi…
|
NVD-CWE-Other
|
CVE-2020-29534
|
2024-11-21 14:24 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209804
|
7.5 |
HIGH
Network
|
hashicorp
|
go-slug
|
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed…
|
CWE-22
CWE-59
Path Traversal
Link Following
|
CVE-2020-29529
|
2024-11-21 14:24 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209805
|
8.8 |
HIGH
Network
|
textpattern
|
textpattern
|
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
|
CWE-352
Origin Validation Error
|
CVE-2020-29458
|
2024-11-21 14:24 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209806
|
4.3 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
|
CWE-863
Incorrect Authorization
|
CVE-2020-29454
|
2024-11-21 14:24 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209807
|
6.1 |
MEDIUM
Network
|
papermerge
|
papermerge
|
Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29456
|
2024-11-21 14:24 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209808
|
6.5 |
MEDIUM
Network
|
outsystems
|
outsystems
|
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29441
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209809
|
4.6 |
MEDIUM
Physics
|
tesla
|
model_x_firmware
|
Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a veh…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-29440
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209810
|
4.6 |
MEDIUM
Physics
|
tesla
|
model_x_firmware
|
Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN…
|
NVD-CWE-noinfo
|
CVE-2020-29439
|
2024-11-21 14:24 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
