|
210221
|
7.8 |
HIGH
Local
|
antixlinux
mxlinux
|
antix_linux
mx_linux
|
antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration.
|
NVD-CWE-noinfo
|
CVE-2020-10587
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210222
|
7.5 |
HIGH
Network
|
q-cms
|
qcms
|
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
|
NVD-CWE-noinfo
|
CVE-2020-10578
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210223
|
4.8 |
MEDIUM
Network
|
meetecho
|
janus
|
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.
|
CWE-362
Race Condition
|
CVE-2020-10577
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210224
|
5.9 |
MEDIUM
Network
|
meetecho
|
janus
|
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.
|
CWE-362
Race Condition
|
CVE-2020-10576
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210225
|
4.2 |
MEDIUM
Network
|
meetecho
|
janus
|
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early o…
|
CWE-362
Race Condition
|
CVE-2020-10575
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210226
|
9.8 |
CRITICAL
Network
|
meetecho
|
janus
|
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2020-10574
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210227
|
7.5 |
HIGH
Network
|
meetecho
|
janus
|
An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge.
|
CWE-667
Improper Locking
|
CVE-2020-10573
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210228
|
9.8 |
CRITICAL
Network
|
psd-tools_project
|
psd-tools
|
An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-10571
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210229
|
8.8 |
HIGH
Network
|
onthegosystems
|
sitepress-multilingual-cms
|
The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of …
|
CWE-352
Origin Validation Error
|
CVE-2020-10568
|
2024-11-21 13:55 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210230
|
9.8 |
CRITICAL
Network
|
tecrail
|
responsive_filemanager
|
An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. Th…
|
CWE-20
Improper Input Validation
|
CVE-2020-10567
|
2024-11-21 13:55 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
