|
199181
|
5.4 |
MEDIUM
Network
|
enviragallery
|
envira_gallery
|
A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inje…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9334
|
2024-11-21 14:40 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199182
|
7.1 |
HIGH
Local
|
linux
debian
opensuse
canonical
netapp
|
linux_kernel
debian_linux
leap
ubuntu_linux
cloud_backup
steelstore_cloud_integrated_storage
data_availability_services
solidfire
hci_management_node
active_iq_unified_mana…
|
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before a…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-9383
|
2024-11-21 14:40 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199183
|
7.5 |
HIGH
Network
|
zint
|
zint
|
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-9385
|
2024-11-21 14:40 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199184
|
5.4 |
MEDIUM
Network
|
widgets_project
|
widgets
|
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via Med…
|
CWE-74
Injection
|
CVE-2020-9382
|
2024-11-21 14:40 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199185
|
7.5 |
HIGH
Network
|
totaljs
|
total.js_cms
|
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.
|
CWE-863
Incorrect Authorization
|
CVE-2020-9381
|
2024-11-21 14:40 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199186
|
9.8 |
CRITICAL
Network
|
tp-link
|
tl-wr849n_firmware
|
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's tracerou…
|
CWE-78
OS Command
|
CVE-2020-9374
|
2024-11-21 14:40 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199187
|
7.5 |
HIGH
Network
|
sympa
fedoraproject
debian
|
sympa
fedora
debian_linux
|
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with mal…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-9369
|
2024-11-21 14:40 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199188
|
9.8 |
CRITICAL
Network
|
gnu
|
screen
|
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly hav…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-9366
|
2024-11-21 14:40 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199189
|
7.5 |
HIGH
Network
|
pureftpd
fedoraproject
|
pure-ftpd
fedora
|
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-9365
|
2024-11-21 14:40 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199190
|
7.8 |
HIGH
Local
|
sophos
|
cloud_optix
mobile
intercept_x_endpoint
intercept_x_for_server
secure_web_gateway
endpoint_protection
|
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Se…
|
CWE-436
Interpretation Conflict
|
CVE-2020-9363
|
2024-11-21 14:40 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
