|
198061
|
9.8 |
CRITICAL
Network
|
denx opensuse
|
u-boot leap
|
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute…
|
CWE-787 CWE-415
Out-of-bounds Write Double Free
|
CVE-2020-8432
|
2024-11-21 14:38 |
2020-01-30 |
|
198062
|
7.5 |
HIGH
Network
|
iktm
|
bearftp
|
IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-8416
|
2024-11-21 14:38 |
2020-01-30 |
|
198063
|
8.8 |
HIGH
Network
|
webargs_project
|
webargs
|
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the …
|
CWE-352
Origin Validation Error
|
CVE-2020-7965
|
2024-11-21 14:38 |
2020-01-30 |
|
198064
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel …
|
CWE-416
Use After Free
|
CVE-2020-8428
|
2024-11-21 14:38 |
2020-01-29 |
|
198065
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8426
|
2024-11-21 14:38 |
2020-01-29 |
|
198066
|
6.5 |
MEDIUM
Network
|
cups_easy_\(purchase_\&_inventory\)_project
|
cups_easy_\(purchase_\&_inventory\)
|
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.
|
CWE-352
Origin Validation Error
|
CVE-2020-8425
|
2024-11-21 14:38 |
2020-01-29 |
|
198067
|
8.8 |
HIGH
Network
|
cups_easy_project
|
cups_easy
|
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php.
|
CWE-352
Origin Validation Error
|
CVE-2020-8424
|
2024-11-21 14:38 |
2020-01-29 |
|
198068
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8421
|
2024-11-21 14:38 |
2020-01-29 |
|
198069
|
8.8 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
|
CWE-352
Origin Validation Error
|
CVE-2020-8420
|
2024-11-21 14:38 |
2020-01-29 |
|
198070
|
8.8 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
|
CWE-352
Origin Validation Error
|
CVE-2020-8419
|
2024-11-21 14:38 |
2020-01-29 |
|