|
199701
|
7.5 |
HIGH
Network
|
wireshark fedoraproject opensuse oracle
|
wireshark fedora leap solaris zfs_storage_appliance_kit
|
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
|
CWE-125 CWE-193
Out-of-bounds Read Off-by-one Error
|
CVE-2020-7044
|
2024-11-21 14:36 |
2020-01-16 |
|
|
|
|
199702
|
8.8 |
HIGH
Network
|
cacti
|
cacti
|
data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.
|
CWE-20
Improper Input Validation
|
CVE-2020-7058
|
2024-11-21 14:36 |
2020-01-15 |
|
|
|
|
199703
|
5.3 |
MEDIUM
Network
|
hikvision
|
ds-7204hghi-f1_firmware
|
Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-7057
|
2024-11-21 14:36 |
2020-01-15 |
|
|
|
|
199704
|
8.8 |
HIGH
Network
|
mz-automation
|
libiec61850
|
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7054
|
2024-11-21 14:36 |
2020-01-15 |
|
|
|
|
199705
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i…
|
CWE-416
Use After Free
|
CVE-2020-7053
|
2024-11-21 14:36 |
2020-01-15 |
|
|
|
|
199706
|
9.1 |
CRITICAL
Network
|
yet_another_java_service_wrapper_project
|
yet_another_java_service_wrapper
|
An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially …
|
CWE-611
XXE
|
CVE-2020-6958
|
2024-11-21 14:36 |
2020-01-14 |
|
|
|
|
199707
|
6.1 |
MEDIUM
Network
|
cayintech
|
smp-pro4_firmware
|
An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6955
|
2024-11-21 14:36 |
2020-01-14 |
|
|
|
|
199708
|
6.5 |
MEDIUM
Network
|
cayintech
|
smp-pro4_firmware
|
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_f…
|
CWE-200
Information Exposure
|
CVE-2020-6954
|
2024-11-21 14:36 |
2020-01-14 |
|
|
|
|
199709
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.
|
NVD-CWE-noinfo
|
CVE-2020-6832
|
2024-11-21 14:36 |
2020-01-14 |
|
|
|
|
199710
|
8.8 |
HIGH
Network
|
hashbrowncms
|
hashbrown_cms
|
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure t…
|
CWE-269
Improper Privilege Management
|
CVE-2020-6949
|
2024-11-21 14:36 |
2020-01-14 |
|
|
|