|
202521
|
9.8 |
CRITICAL
Network
|
liferay
|
liferay_portal
|
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-7961
|
2024-11-21 14:38 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202522
|
7.5 |
HIGH
Network
|
trendmicro
|
officescan
apex_one
worry-free_business_security
|
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the serve…
|
NVD-CWE-noinfo
|
CVE-2020-8470
|
2024-11-21 14:38 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202523
|
8.8 |
HIGH
Network
|
trendmicro
|
officescan
apex_one
worry-free_business_security
|
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipula…
|
CWE-74
Injection
|
CVE-2020-8468
|
2024-11-21 14:38 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202524
|
8.8 |
HIGH
Network
|
trendmicro
|
officescan
apex_one
|
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An a…
|
NVD-CWE-noinfo
|
CVE-2020-8467
|
2024-11-21 14:38 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202525
|
8.1 |
HIGH
Network
|
openwrt
|
lede
openwrt
|
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded ch…
|
CWE-345
CWE-754
Insufficient Verification of Data Authenticity
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-7982
|
2024-11-21 14:38 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202526
|
7.5 |
HIGH
Network
|
golang
debian
fedoraproject
netapp
|
go
debian_linux
fedora
cloud_insights_telegraf
|
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 c…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-7919
|
2024-11-21 14:38 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202527
|
6.5 |
MEDIUM
Network
|
thimpress
|
learnpress
|
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=le…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7916
|
2024-11-21 14:38 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202528
|
8.8 |
HIGH
Network
|
dot_project
|
dot
|
The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.
|
CWE-94
Code Injection
|
CVE-2020-8141
|
2024-11-21 14:38 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202529
|
7.8 |
HIGH
Local
|
trendmicro
|
password_manager
|
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-8469
|
2024-11-21 14:38 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202530
|
6.1 |
MEDIUM
Network
|
metagauss
|
registrationmagic
|
XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8436
|
2024-11-21 14:38 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
