|
198051
|
7.8 |
HIGH
Local
|
bitdefender
|
antivirus
|
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
|
CWE-74
Injection
|
CVE-2020-8093
|
2024-11-21 14:38 |
2020-01-31 |
|
198052
|
5.5 |
MEDIUM
Local
|
bitdefender
|
antivirus
|
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. Thi…
|
CWE-269
Improper Privilege Management
|
CVE-2020-8092
|
2024-11-21 14:38 |
2020-01-31 |
|
198053
|
5.5 |
MEDIUM
Local
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written direc…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-8448
|
2024-11-21 14:38 |
2020-01-30 |
|
198054
|
9.8 |
CRITICAL
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from auth…
|
CWE-416
Use After Free
|
CVE-2020-8447
|
2024-11-21 14:38 |
2020-01-30 |
|
198055
|
5.5 |
MEDIUM
Local
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly…
|
CWE-22
Path Traversal
|
CVE-2020-8446
|
2024-11-21 14:38 |
2020-01-30 |
|
198056
|
9.8 |
CRITICAL
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those charact…
|
CWE-20
Improper Input Validation
|
CVE-2020-8445
|
2024-11-21 14:38 |
2020-01-30 |
|
198057
|
9.8 |
CRITICAL
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from a…
|
CWE-416
Use After Free
|
CVE-2020-8444
|
2024-11-21 14:38 |
2020-01-30 |
|
198058
|
9.8 |
CRITICAL
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog ms…
|
CWE-787 CWE-193
Out-of-bounds Write Off-by-one Error
|
CVE-2020-8443
|
2024-11-21 14:38 |
2020-01-30 |
|
198059
|
8.8 |
HIGH
Network
|
ossec
|
ossec
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authentica…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-8442
|
2024-11-21 14:38 |
2020-01-30 |
|
198060
|
7.2 |
HIGH
Network
|
arris
|
ruckus_zoneflex_r500_firmware
|
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IF…
|
CWE-78
OS Command
|
CVE-2020-8438
|
2024-11-21 14:38 |
2020-01-30 |
|