|
210781
|
9.8 |
CRITICAL
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execut…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28578
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210782
|
7.5 |
HIGH
Network
|
trendmicro
|
worry-free_business_security
|
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability a…
|
CWE-22
Path Traversal
|
CVE-2020-28574
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210783
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
|
NVD-CWE-noinfo
|
CVE-2020-28572
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210784
|
7.5 |
HIGH
Network
|
golang
|
go
|
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
|
CWE-94
Code Injection
|
CVE-2020-28367
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210785
|
7.5 |
HIGH
Network
|
golang
fedoraproject
netapp
|
go
fedora
trident
cloud_insights_telegraf_agent
|
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
|
CWE-94
Code Injection
|
CVE-2020-28366
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210786
|
7.5 |
HIGH
Network
|
golang
fedoraproject
netapp
|
go
fedora
trident
cloud_insights_telegraf_agent
|
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-28362
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210787
|
7.5 |
HIGH
Network
|
cxuu
|
cxuucms
|
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.
|
CWE-89
SQL Injection
|
CVE-2020-28091
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210788
|
6.5 |
MEDIUM
Network
|
tp-link
|
tl-wpa4220_firmware
|
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admi…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-28005
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210789
|
5.4 |
MEDIUM
Network
|
kamailio
|
kamailio
|
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. …
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-28361
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210790
|
9.8 |
CRITICAL
Network
|
water_billing_system_project
|
water_billing_system
|
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
|
CWE-89
SQL Injection
|
CVE-2020-28183
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
