|
214871
|
7.0 |
HIGH
Local
|
linux
canonical
debian
fedoraproject
netapp
|
linux_kernel
ubuntu_linux
debian_linux
fedora
cloud_backup
element_software
steelstore_cloud_integrated_storage
solidfire
hci_management_node
active_iq_unified_manager
s…
|
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails…
|
CWE-362
Race Condition
|
CVE-2020-11884
|
2024-11-21 13:58 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214872
|
3.3 |
LOW
Local
|
qemu
|
qemu
|
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write op…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-11869
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214873
|
8.8 |
HIGH
Network
|
opmantek
|
open-audit
|
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
|
CWE-78
OS Command
|
CVE-2020-11941
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214874
|
6.1 |
MEDIUM
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11822
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214875
|
5.3 |
MEDIUM
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-11821
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214876
|
9.8 |
CRITICAL
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specif…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11817
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214877
|
3.7 |
LOW
Network
|
openvpn
debian
fedoraproject
|
openvpn
debian_linux
fedora
|
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arri…
|
CWE-362
Race Condition
|
CVE-2020-11810
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214878
|
9.8 |
CRITICAL
Network
|
squid-cache
debian
opensuse
fedoraproject
canonical
|
squid
debian_linux
leap
fedora
ubuntu_linux
|
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the att…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-11945
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214879
|
7.5 |
HIGH
Network
|
ntop
|
ndpi
|
In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment m…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-11940
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214880
|
9.8 |
CRITICAL
Network
|
ntop
|
ndpi
|
In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular natu…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-11939
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
