|
196931
|
7.5 |
HIGH
Network
|
redislabs debian fedoraproject
|
hiredis debian_linux fedora
|
async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-7105
|
2024-11-21 14:36 |
2020-01-16 |
|
196932
|
6.5 |
MEDIUM
Adjacent
|
wireshark debian
|
wireshark debian_linux
|
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-7045
|
2024-11-21 14:36 |
2020-01-16 |
|
196933
|
7.5 |
HIGH
Network
|
wireshark fedoraproject opensuse oracle
|
wireshark fedora leap solaris zfs_storage_appliance_kit
|
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
|
CWE-125 CWE-193
Out-of-bounds Read Off-by-one Error
|
CVE-2020-7044
|
2024-11-21 14:36 |
2020-01-16 |
|
196934
|
8.8 |
HIGH
Network
|
cacti
|
cacti
|
data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm."
|
CWE-20
Improper Input Validation
|
CVE-2020-7058
|
2024-11-21 14:36 |
2020-01-15 |
|
196935
|
5.3 |
MEDIUM
Network
|
hikvision
|
ds-7204hghi-f1_firmware
|
Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-7057
|
2024-11-21 14:36 |
2020-01-15 |
|
196936
|
8.8 |
HIGH
Network
|
mz-automation
|
libiec61850
|
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7054
|
2024-11-21 14:36 |
2020-01-15 |
|
196937
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i…
|
CWE-416
Use After Free
|
CVE-2020-7053
|
2024-11-21 14:36 |
2020-01-15 |
|
196938
|
9.1 |
CRITICAL
Network
|
yet_another_java_service_wrapper_project
|
yet_another_java_service_wrapper
|
An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially …
|
CWE-611
XXE
|
CVE-2020-6958
|
2024-11-21 14:36 |
2020-01-14 |
|
196939
|
6.1 |
MEDIUM
Network
|
cayintech
|
smp-pro4_firmware
|
An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6955
|
2024-11-21 14:36 |
2020-01-14 |
|
196940
|
6.5 |
MEDIUM
Network
|
cayintech
|
smp-pro4_firmware
|
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_f…
|
CWE-200
Information Exposure
|
CVE-2020-6954
|
2024-11-21 14:36 |
2020-01-14 |