|
197381
|
9.8 |
CRITICAL
Network
|
avira
|
free_antivirus
|
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to tu…
|
NVD-CWE-noinfo
|
CVE-2020-8961
|
2024-11-21 14:39 |
2020-04-10 |
|
197382
|
8.8 |
HIGH
Network
|
argoproj
|
argo_cd
|
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privil…
|
CWE-287 CWE-1188
Improper Authentication Insecure Default Initialization of Resource
|
CVE-2020-8828
|
2024-11-21 14:39 |
2020-04-9 |
|
197383
|
7.5 |
HIGH
Network
|
argoproj
|
argo_cd
|
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authenti…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-8827
|
2024-11-21 14:39 |
2020-04-9 |
|
197384
|
7.5 |
HIGH
Network
|
argoproj
|
argo_cd
|
As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authen…
|
CWE-384
Session Fixation
|
CVE-2020-8826
|
2024-11-21 14:39 |
2020-04-9 |
|
197385
|
5.5 |
MEDIUM
Local
|
canonical netapp
|
ubuntu_linux cloud_backup steelstore_cloud_integrated_storage solidfire_\&_hci_management_node aff_8300_firmware aff_8700_firmware aff_a220_firmware aff_a320_firmware aff_…
|
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discover…
|
CWE-200
Information Exposure
|
CVE-2020-8832
|
2024-11-21 14:39 |
2020-04-10 |
|
197386
|
6.5 |
MEDIUM
Local
|
linux canonical opensuse
|
linux_kernel ubuntu_linux leap
|
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of t…
|
CWE-362
Race Condition
|
CVE-2020-8834
|
2024-11-21 14:39 |
2020-04-10 |
|
197387
|
8.8 |
HIGH
Network
|
testlink
|
testlink
|
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an a…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-8639
|
2024-11-21 14:39 |
2020-04-4 |
|
197388
|
9.8 |
CRITICAL
Network
|
testlink
|
testlink
|
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.
|
CWE-89
SQL Injection
|
CVE-2020-8638
|
2024-11-21 14:39 |
2020-04-4 |
|
197389
|
9.8 |
CRITICAL
Network
|
testlink
|
testlink
|
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
|
CWE-89
SQL Injection
|
CVE-2020-8637
|
2024-11-21 14:39 |
2020-04-4 |
|
197390
|
8.0 |
HIGH
Adjacent
|
huawei
|
smartax_ma5600t_firmware smartax_ma5800_firmware smartax_ea5800_firmware
|
There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-9067
|
2024-11-21 14:39 |
2020-04-3 |
|