|
201531
|
7.1 |
HIGH
Local
|
linux
debian
opensuse
netapp
broadcom
canonical
|
linux_kernel
debian_linux
leap
cloud_backup
active_iq_unified_manager
solidfire_baseboard_management_controller
brocade_fabric_operating_system_firmware
hci_baseboard_management_…
|
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
|
CWE-416
Use After Free
|
CVE-2020-8648
|
2024-11-21 14:39 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201532
|
6.1 |
MEDIUM
Local
|
linux
debian
opensuse
|
linux_kernel
debian_linux
leap
|
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
|
CWE-416
Use After Free
|
CVE-2020-8647
|
2024-11-21 14:39 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201533
|
8.8 |
HIGH
Network
|
lotus_core_cms_project
|
lotus_core_cms
|
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
|
CWE-22
Path Traversal
|
CVE-2020-8641
|
2024-11-21 14:39 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201534
|
5.5 |
MEDIUM
Local
|
canonical
opensuse
debian
|
cloud-init
leap
debian_linux
|
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
|
CWE-521
Weak Password Requirements
|
CVE-2020-8632
|
2024-11-21 14:39 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201535
|
5.5 |
MEDIUM
Local
|
canonical
opensuse
debian
|
cloud-init
leap
debian_linux
|
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice funct…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-8631
|
2024-11-21 14:39 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201536
|
6.5 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legiti…
|
CWE-352
Origin Validation Error
|
CVE-2020-8615
|
2024-11-21 14:39 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201537
|
9.8 |
CRITICAL
Network
|
point-to-point_protocol_project
wago
debian
canonical
|
point-to-point_protocol
pfc_firmware
debian_linux
ubuntu_linux
|
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-8597
|
2024-11-21 14:39 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201538
|
9.8 |
CRITICAL
Network
|
eginnovations
|
eg_manager
|
eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).
|
CWE-89
SQL Injection
|
CVE-2020-8592
|
2024-11-21 14:39 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201539
|
9.8 |
CRITICAL
Network
|
eginnovations
|
eg_manager
|
eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.
|
CWE-287
Improper Authentication
|
CVE-2020-8591
|
2024-11-21 14:39 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201540
|
6.1 |
MEDIUM
Network
|
wpchill
|
strong_testimonials
|
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8549
|
2024-11-21 14:39 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
