|
211671
|
7.5 |
HIGH
Network
|
mersive
|
solstice_pod_firmware
|
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authenticatio…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-27523
|
2024-11-21 14:21 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211672
|
6.5 |
MEDIUM
Adjacent
|
tcl
|
32s330_firmware
40s330_firmware
43s434_firmware
50s434_firmware
55s434_firmware
65s434_firmware
75s434_firmware
|
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to ar…
|
CWE-200
Information Exposure
|
CVE-2020-27403
|
2024-11-21 14:21 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211673
|
8.8 |
HIGH
Network
|
trendmicro
|
interscan_messaging_security_virtual_appliance
|
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.
|
NVD-CWE-noinfo
|
CVE-2020-27694
|
2024-11-21 14:21 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211674
|
4.4 |
MEDIUM
Local
|
trendmicro
|
interscan_messaging_security_virtual_appliance
|
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2020-27693
|
2024-11-21 14:21 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211675
|
7.5 |
HIGH
Network
|
synopsys
|
hub-rest-api-python
|
Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-27589
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211676
|
6.5 |
MEDIUM
Network
|
qemu
debian
|
qemu
debian_linux
|
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
|
CWE-617
Reachable Assertion
|
CVE-2020-27617
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211677
|
6.5 |
MEDIUM
Network
|
qemu
|
qemu
|
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
|
CWE-682
Incorrect Calculation
|
CVE-2020-27616
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211678
|
7.8 |
HIGH
Local
|
tmux_project
|
tmux
|
In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27347
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211679
|
7.5 |
HIGH
Network
|
robware
|
rvtools
|
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method f…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-27688
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211680
|
7.8 |
HIGH
Local
|
hindotech
|
hk1_box_s905x3_firmware
|
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.
|
NVD-CWE-noinfo
|
CVE-2020-27402
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
