|
210671
|
6.1 |
MEDIUM
Network
|
elastic redhat
|
kibana openshift_container_platform
|
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana conso…
|
CWE-601
Open Redirect
|
CVE-2020-27816
|
2024-11-21 14:21 |
2020-12-2 |
|
210672
|
7.5 |
HIGH
Network
|
gorillatoolkit debian
|
websocket debian_linux
|
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server…
|
CWE-190 CWE-400
Integer Overflow or Wraparound Uncontrolled Resource Consumption
|
CVE-2020-27813
|
2024-11-21 14:21 |
2020-12-2 |
|
210673
|
6.7 |
MEDIUM
Local
|
quickheal
|
total_security
|
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.
|
CWE-521
Weak Password Requirements
|
CVE-2020-27587
|
2024-11-21 14:21 |
2020-12-1 |
|
210674
|
5.9 |
MEDIUM
Network
|
quickheal
|
total_security
|
Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-27586
|
2024-11-21 14:21 |
2020-12-1 |
|
210675
|
4.4 |
MEDIUM
Local
|
quickheal
|
total_security
|
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password.
|
CWE-521
Weak Password Requirements
|
CVE-2020-27585
|
2024-11-21 14:21 |
2020-12-1 |
|
210676
|
9.8 |
CRITICAL
Network
|
synology
|
safeaccess
|
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
|
CWE-89
SQL Injection
|
CVE-2020-27660
|
2024-11-21 14:21 |
2020-11-30 |
|
210677
|
4.8 |
MEDIUM
Network
|
synology
|
safeaccess
|
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27659
|
2024-11-21 14:21 |
2020-11-30 |
|
210678
|
3.7 |
LOW
Network
|
schedmd debian
|
slurm debian_linux
|
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /pro…
|
CWE-362
Race Condition
|
CVE-2020-27746
|
2024-11-21 14:21 |
2020-11-28 |
|
210679
|
9.8 |
CRITICAL
Network
|
schedmd debian
|
slurm debian_linux
|
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-27745
|
2024-11-21 14:21 |
2020-11-28 |
|
210680
|
4.3 |
MEDIUM
Network
|
glpi-project
|
glpi
|
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-27663
|
2024-11-21 14:21 |
2020-11-27 |