|
210861
|
8.8 |
HIGH
Network
|
1e
|
client
|
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-27644
|
2024-11-21 14:21 |
2020-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210862
|
6.5 |
MEDIUM
Network
|
1e
|
client
|
The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not …
|
CWE-59
Link Following
|
CVE-2020-27643
|
2024-11-21 14:21 |
2020-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210863
|
6.4 |
MEDIUM
Physics
|
gnome
|
gnome_display_manager
|
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessin…
|
-
|
CVE-2020-27837
|
2024-11-21 14:21 |
2020-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210864
|
6.1 |
MEDIUM
Network
|
techkshetrainfo
|
savsoft_quiz
|
A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27515
|
2024-11-21 14:21 |
2020-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210865
|
6.1 |
MEDIUM
Network
|
f5
|
big-ip_access_policy_manager
|
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to bui…
|
CWE-601
Open Redirect
|
CVE-2020-27729
|
2024-11-21 14:21 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210866
|
7.5 |
HIGH
Network
|
f5
|
big-ip_application_security_manager
big-ip_advanced_web_application_firewall
|
On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and re…
|
NVD-CWE-noinfo
|
CVE-2020-27728
|
2024-11-21 14:21 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210867
|
4.9 |
MEDIUM
Network
|
f5
|
big-ip_local_traffic_manager
big-ip_application_acceleration_manager
big-ip_advanced_firewall_manager
big-ip_analytics
big-ip_access_policy_manager
big-ip_application_security_manager<…
|
On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system doe…
|
CWE-20
Improper Input Validation
|
CVE-2020-27727
|
2024-11-21 14:21 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210868
|
6.1 |
MEDIUM
Network
|
f5
|
big-ip_access_policy_manager
|
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for aut…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27726
|
2024-11-21 14:21 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210869
|
7.5 |
HIGH
Network
|
f5
|
big-ip_access_policy_manager
|
In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process.
|
NVD-CWE-noinfo
|
CVE-2020-27723
|
2024-11-21 14:21 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210870
|
6.5 |
MEDIUM
Network
|
f5
|
big-ip_access_policy_manager
|
In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumpti…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-27722
|
2024-11-21 14:21 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
