|
197511
|
9.8 |
CRITICAL
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from auth…
|
CWE-416
Use After Free
|
CVE-2020-8447
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197512
|
5.5 |
MEDIUM
Local
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly…
|
CWE-22
Path Traversal
|
CVE-2020-8446
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197513
|
9.8 |
CRITICAL
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those charact…
|
CWE-20
Improper Input Validation
|
CVE-2020-8445
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197514
|
9.8 |
CRITICAL
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from a…
|
CWE-416
Use After Free
|
CVE-2020-8444
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197515
|
9.8 |
CRITICAL
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog ms…
|
CWE-787
CWE-193
Out-of-bounds Write
Off-by-one Error
|
CVE-2020-8443
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197516
|
8.8 |
HIGH
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authentica…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-8442
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197517
|
7.2 |
HIGH
Network
|
arris
|
ruckus_zoneflex_r500_firmware
|
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IF…
|
CWE-78
OS Command
|
CVE-2020-8438
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197518
|
9.8 |
CRITICAL
Network
|
denx
opensuse
|
u-boot
leap
|
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute…
|
CWE-787
CWE-415
Out-of-bounds Write
Double Free
|
CVE-2020-8432
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197519
|
7.5 |
HIGH
Network
|
iktm
|
bearftp
|
IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-8416
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197520
|
8.8 |
HIGH
Network
|
webargs_project
|
webargs
|
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the …
|
CWE-352
Origin Validation Error
|
CVE-2020-7965
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
