| 213061 | 7.8 | HIGH | Local | 360 | speed_browser | 360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. | CWE-427 Uncontrolled Search Path Element | CVE-2020-24158 | 2024-11-21 14:14 | 2020-09-4 |
| 213062 | 6.1 | MEDIUM | Network | xuxueli | xxl-job | Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2) AddressList parameter in JobGroupController.… | CWE-79 Cross-site Scripting | CVE-2020-23814 | 2024-11-21 14:14 | 2020-09-4 |
| 213063 | 7.5 | HIGH | Network | xuxueli | xxl-job | xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. | NVD-CWE-noinfo | CVE-2020-23811 | 2024-11-21 14:14 | 2020-09-4 |
| 213064 | 5.5 | MEDIUM | Local | midnightbsd freebsd | midnightbsd freebsd | In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. Duri… | CWE-476 NULL Pointer Dereference | CVE-2020-24385 | 2024-11-21 14:14 | 2020-09-4 |
| 213065 | 6.1 | MEDIUM | Network | golang fedoraproject opensuse oracle | go fedora leap communications_cloud_native_core_policy | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | CWE-79 Cross-site Scripting | CVE-2020-24553 | 2024-11-21 14:14 | 2020-09-3 |
| 213066 | 9.8 | CRITICAL | Network | forlogic | qualiex | ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. | CWE-672 Operation on a Resource after Expiration or Release | CVE-2020-24030 | 2024-11-21 14:14 | 2020-09-3 |
| 213067 | 9.8 | CRITICAL | Network | forlogic | qualiex | Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. | CWE-287 Improper Authentication | CVE-2020-24029 | 2024-11-21 14:14 | 2020-09-3 |
| 213068 | 8.8 | HIGH | Network | forlogic | qualiex | ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. | NVD-CWE-noinfo | CVE-2020-24028 | 2024-11-21 14:14 | 2020-09-3 |
| 213069 | 7.1 | HIGH | Network | stock_management_system_project | stock_management_system | A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victi… | CWE-352 Origin Validation Error | CVE-2020-23830 | 2024-11-21 14:14 | 2020-09-3 |
| 213070 | 9.8 | CRITICAL | Network | zyxel | vmg5313-b30b_firmware | Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with e… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2020-24355 | 2024-11-21 14:14 | 2020-09-2 |