|
202521
|
8.8 |
HIGH
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authentica…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-8442
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202522
|
7.2 |
HIGH
Network
|
arris
|
ruckus_zoneflex_r500_firmware
|
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IF…
|
CWE-78
OS Command
|
CVE-2020-8438
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202523
|
9.8 |
CRITICAL
Network
|
denx
opensuse
|
u-boot
leap
|
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute…
|
CWE-787
CWE-415
Out-of-bounds Write
Double Free
|
CVE-2020-8432
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202524
|
7.5 |
HIGH
Network
|
iktm
|
bearftp
|
IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-8416
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202525
|
8.8 |
HIGH
Network
|
webargs_project
|
webargs
|
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the …
|
CWE-352
Origin Validation Error
|
CVE-2020-7965
|
2024-11-21 14:38 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202526
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel …
|
CWE-416
Use After Free
|
CVE-2020-8428
|
2024-11-21 14:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202527
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8426
|
2024-11-21 14:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202528
|
6.5 |
MEDIUM
Network
|
cups_easy_\(purchase_\&_inventory\)_project
|
cups_easy_\(purchase_\&_inventory\)
|
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.
|
CWE-352
Origin Validation Error
|
CVE-2020-8425
|
2024-11-21 14:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202529
|
8.8 |
HIGH
Network
|
cups_easy_project
|
cups_easy
|
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php.
|
CWE-352
Origin Validation Error
|
CVE-2020-8424
|
2024-11-21 14:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202530
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8421
|
2024-11-21 14:38 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
