|
209481
|
6.7 |
MEDIUM
Local
|
redhat opensuse
|
libvirt leap
|
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects…
|
-
|
CVE-2020-25637
|
2024-11-21 14:18 |
2020-10-6 |
|
|
|
|
209482
|
7.5 |
HIGH
Network
|
ruby-lang fedoraproject
|
ruby webrick fedora
|
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigoro…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-25613
|
2024-11-21 14:18 |
2020-10-6 |
|
|
|
|
209483
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. Th…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2020-25635
|
2024-11-21 14:18 |
2020-10-5 |
|
|
|
|
209484
|
7.1 |
HIGH
Local
|
redhat
|
ansible
|
A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to hav…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-25636
|
2024-11-21 14:18 |
2020-10-5 |
|
|
|
|
209485
|
7.8 |
HIGH
Local
|
trendmicro
|
antivirus
|
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. …
|
CWE-59
Link Following
|
CVE-2020-25776
|
2024-11-21 14:18 |
2020-10-3 |
|
|
|
|
209486
|
7.5 |
HIGH
Network
|
erlang
|
erlang/otp
|
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
|
CWE-22
Path Traversal
|
CVE-2020-25623
|
2024-11-21 14:18 |
2020-10-2 |
|
|
|
|
209487
|
3.2 |
LOW
Local
|
qemu
|
qemu
|
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-25741
|
2024-11-21 14:18 |
2020-10-2 |
|
|
|
|
209488
|
4.8 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript …
|
CWE-79
Cross-site Scripting
|
CVE-2020-25830
|
2024-11-21 14:18 |
2020-10-1 |
|
|
|
|
209489
|
4.3 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these note…
|
CWE-862
Missing Authorization
|
CVE-2020-25781
|
2024-11-21 14:18 |
2020-10-1 |
|
|
|
|
209490
|
6.8 |
MEDIUM
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.…
|
NVD-CWE-noinfo
|
CVE-2020-25816
|
2024-11-21 14:18 |
2020-10-1 |
|
|
|