|
199651
|
9.8 |
CRITICAL
Network
|
revmakx
|
infinitewp_client
|
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.
|
CWE-862
Missing Authorization
|
CVE-2020-8772
|
2024-11-21 14:39 |
2020-02-7 |
|
199652
|
9.8 |
CRITICAL
Network
|
wptimecapsule
|
wp_time_capsule
|
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of adminis…
|
CWE-287
Improper Authentication
|
CVE-2020-8771
|
2024-11-21 14:39 |
2020-02-7 |
|
199653
|
9.8 |
CRITICAL
Network
|
opservices
|
opmon
|
An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-8636
|
2024-11-21 14:39 |
2020-02-7 |
|
199654
|
5.6 |
MEDIUM
Network
|
libslirp_project debian opensuse
|
libslirp debian_linux leap
|
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-8608
|
2024-11-21 14:39 |
2020-02-7 |
|
199655
|
8.8 |
HIGH
Network
|
bestwebsoft
|
htaccess
|
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the p…
|
CWE-352
Origin Validation Error
|
CVE-2020-8658
|
2024-11-21 14:39 |
2020-02-6 |
|
199656
|
5.9 |
MEDIUM
Physical
|
linux opensuse debian
|
linux_kernel leap debian_linux
|
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
|
CWE-416
Use After Free
|
CVE-2020-8649
|
2024-11-21 14:39 |
2020-02-6 |
|
199657
|
7.1 |
HIGH
Local
|
linux debian opensuse netapp broadcom canonical
|
linux_kernel debian_linux leap cloud_backup active_iq_unified_manager solidfire_baseboard_management_controller brocade_fabric_operating_system_firmware hci_baseboard_management_…
|
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
|
CWE-416
Use After Free
|
CVE-2020-8648
|
2024-11-21 14:39 |
2020-02-6 |
|
199658
|
6.1 |
MEDIUM
Local
|
linux debian opensuse
|
linux_kernel debian_linux leap
|
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
|
CWE-416
Use After Free
|
CVE-2020-8647
|
2024-11-21 14:39 |
2020-02-6 |
|
199659
|
8.8 |
HIGH
Network
|
lotus_core_cms_project
|
lotus_core_cms
|
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
|
CWE-22
Path Traversal
|
CVE-2020-8641
|
2024-11-21 14:39 |
2020-02-6 |
|
199660
|
5.5 |
MEDIUM
Local
|
canonical opensuse debian
|
cloud-init leap debian_linux
|
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
|
CWE-521
Weak Password Requirements
|
CVE-2020-8632
|
2024-11-21 14:39 |
2020-02-5 |