|
201231
|
4.7 |
MEDIUM
Local
|
opensmtpd
fedoraproject
canonical
|
opensmtpd
fedora
ubuntu_linux
|
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offl…
|
CWE-426
CWE-367
Untrusted Search Path
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-8793
|
2024-11-21 14:39 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201232
|
8.1 |
HIGH
Network
|
cardgate
|
cardgate_payments
|
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attack…
|
CWE-346
Origin Validation Error
|
CVE-2020-8819
|
2024-11-21 14:39 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201233
|
8.1 |
HIGH
Network
|
cardgate
adobe
|
cardgate_payments
magento
|
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows a…
|
CWE-346
Origin Validation Error
|
CVE-2020-8818
|
2024-11-21 14:39 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201234
|
9.8 |
CRITICAL
Network
|
couchbase
|
couchbase_server
|
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticat…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-9039
|
2024-11-21 14:39 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201235
|
8.8 |
HIGH
Network
|
cacti
fedoraproject
opmantek
opensuse
debian
|
cacti
fedora
open-audit
suse_package_hub
debian_linux
|
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
|
CWE-78
OS Command
|
CVE-2020-8813
|
2024-11-21 14:39 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201236
|
8.8 |
HIGH
Adjacent
|
dlink
|
dap-2610_firmware
|
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this …
|
CWE-287
Improper Authentication
|
CVE-2020-8862
|
2024-11-21 14:39 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201237
|
8.8 |
HIGH
Adjacent
|
dlink
|
dap-1330_firmware
|
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploi…
|
CWE-287
Improper Authentication
|
CVE-2020-8861
|
2024-11-21 14:39 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201238
|
8.0 |
HIGH
Adjacent
|
google
|
android
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-8860
|
2024-11-21 14:39 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201239
|
6.1 |
MEDIUM
Network
|
westerndigital
|
mycloud.com
|
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8960
|
2024-11-21 14:39 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201240
|
7.8 |
HIGH
Local
|
trendmicro
|
vulnerability_protection
|
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-8601
|
2024-11-21 14:39 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
