|
197021
|
6.5 |
MEDIUM
Network
|
vmware
|
tanzu_application_service_for_vms
|
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-5406
|
2024-11-21 14:34 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197022
|
6.5 |
MEDIUM
Network
|
amcrest
|
1080-lite_8ch_firmware
amdv10814-h5_firmware
ipm-721_firmware
ip2m-841_firmware
ip2m-841-v3_firmware
ip2m-853ew_firmware
ip2m-858w_firmware
ip2m-866w_firmware
ip2m-866ew_firmw…
|
Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-5736
|
2024-11-21 14:34 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197023
|
8.1 |
HIGH
Network
|
plathome
|
easyblocks_ipv6_firmware
easyblocks_ipv6_enterprise_firmware
|
Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier, and Enterprise Ver. 2.0.1 and earlier allows remote attackers to impersonate a registered user and log in the management cons…
|
CWE-384
Session Fixation
|
CVE-2020-5550
|
2024-11-21 14:34 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197024
|
8.8 |
HIGH
Network
|
plathome
|
easyblocks_ipv6_firmware
easyblocks_ipv6_enterprise_firmware
|
Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators …
|
CWE-352
Origin Validation Error
|
CVE-2020-5549
|
2024-11-21 14:34 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197025
|
8.8 |
HIGH
Network
|
amcrest
|
1080-lite_8ch_firmware
amdv10814-h5_firmware
ipm-721_firmware
ip2m-841_firmware
ip2m-841-v3_firmware
ip2m-853ew_firmware
ip2m-858w_firmware
ip2m-866w_firmware
ip2m-866ew_firmw…
|
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-5735
|
2024-11-21 14:34 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197026
|
7.5 |
HIGH
Network
|
solarwinds
|
dameware
|
Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-5734
|
2024-11-21 14:34 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197027
|
7.8 |
HIGH
Local
|
symantec
|
data_center_security
|
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to …
|
NVD-CWE-noinfo
|
CVE-2020-5832
|
2024-11-21 14:34 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197028
|
9.8 |
CRITICAL
Network
|
learndash
|
learndash
|
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2020-6009
|
2024-11-21 14:34 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197029
|
6.1 |
MEDIUM
Network
|
auth0
|
wp-auth0
|
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5392
|
2024-11-21 14:34 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197030
|
8.8 |
HIGH
Network
|
auth0
|
wp-auth0
|
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field.
|
CWE-352
Origin Validation Error
|
CVE-2020-5391
|
2024-11-21 14:34 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
