| 195941 | 9.8 | CRITICAL Network | eyesofnetwork | eyesofnetwork | An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such … | CWE-89 SQL Injection | CVE-2020-9465 | 2024-11-21 14:40 | 2020-02-29 |
| 195942 | 8.8 | HIGH Network | centreon | centreon | Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_rem… | CWE-78 OS Command | CVE-2020-9463 | 2024-11-21 14:40 | 2020-02-29 |
| 195943 | 6.1 | MEDIUM Network | gwtupload_project | gwtupload | There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which wo… | CWE-79 Cross-site Scripting | CVE-2020-9447 | 2024-11-21 14:40 | 2020-02-29 |
| 195944 | 7.8 | HIGH Local | openvpn | connect | OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dl… | CWE-281 Improper Preservation of Permissions | CVE-2020-9442 | 2024-11-21 14:40 | 2020-02-28 |
| 195945 | 5.5 | MEDIUM Local | avast | antivirus_for_linux antivirus_pro_plus antivirus_pro | The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux. | CWE-436 Interpretation Conflict | CVE-2020-9399 | 2024-11-21 14:40 | 2020-02-28 |
| 195946 | 9.1 | CRITICAL Network | lua-openssl_project | lua-openssl | openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | CWE-295 Improper Certificate Validation | CVE-2020-9434 | 2024-11-21 14:40 | 2020-02-28 |
| 195947 | 9.1 | CRITICAL Network | lua-openssl_project | lua-openssl | openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | CWE-295 Improper Certificate Validation | CVE-2020-9433 | 2024-11-21 14:40 | 2020-02-28 |
| 195948 | 9.1 | CRITICAL Network | lua-openssl_project | lua-openssl | openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | CWE-295 Improper Certificate Validation | CVE-2020-9432 | 2024-11-21 14:40 | 2020-02-28 |
| 195949 | 7.5 | HIGH Network | wireshark opensuse fedoraproject debian | wireshark leap fedora debian_linux | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operation… | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2020-9431 | 2024-11-21 14:40 | 2020-02-28 |
| 195950 | 7.5 | HIGH Network | wireshark fedoraproject opensuse debian | wireshark fedora leap debian_linux | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. | CWE-20 Improper Input Validation | CVE-2020-9430 | 2024-11-21 14:40 | 2020-02-28 |