|
210891
|
3.3 |
LOW
Local
|
qemu
|
qemu
|
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write op…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-11869
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210892
|
8.8 |
HIGH
Network
|
opmantek
|
open-audit
|
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
|
CWE-78
OS Command
|
CVE-2020-11941
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210893
|
6.1 |
MEDIUM
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11822
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210894
|
5.3 |
MEDIUM
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-11821
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210895
|
9.8 |
CRITICAL
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specif…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11817
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210896
|
3.7 |
LOW
Network
|
openvpn
debian
fedoraproject
|
openvpn
debian_linux
fedora
|
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arri…
|
CWE-362
Race Condition
|
CVE-2020-11810
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210897
|
9.8 |
CRITICAL
Network
|
squid-cache
debian
opensuse
fedoraproject
canonical
|
squid
debian_linux
leap
fedora
ubuntu_linux
|
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the att…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-11945
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210898
|
7.5 |
HIGH
Network
|
ntop
|
ndpi
|
In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment m…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-11940
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210899
|
9.8 |
CRITICAL
Network
|
ntop
|
ndpi
|
In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular natu…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-11939
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210900
|
5.9 |
MEDIUM
Network
|
mailstore
|
mailstore_server
|
In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-11806
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
