|
209761
|
7.5 |
HIGH
Network
|
libproxy_project
debian
fedoraproject
opensuse
canonical
|
libproxy
debian_linux
fedora
leap
ubuntu_linux
|
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. T…
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-25219
|
2024-11-21 14:17 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209762
|
7.3 |
HIGH
Network
|
primekey
|
ejbca
|
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnera…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-25276
|
2024-11-21 14:17 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209763
|
7.8 |
HIGH
Local
|
linux
netapp
|
linux_kernel
cloud_backup
solidfire_\&_hci_management_node
hci_compute_node
solidfire_baseboard_management_controller
solidfire\
_enterprise_sds_\&_hci_storage_node
|
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page tha…
|
CWE-672
Operation on a Resource after Expiration or Release
|
CVE-2020-25221
|
2024-11-21 14:17 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209764
|
9.8 |
CRITICAL
Network
|
webdesi9
|
file_manager
|
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to hav…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-25213
|
2024-11-21 14:17 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209765
|
7.0 |
HIGH
Local
|
linux
debian
opensuse
canonical
|
linux_kernel
debian_linux
leap
ubuntu_linux
|
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nf…
|
CWE-787
CWE-367
Out-of-bounds Write
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-25212
|
2024-11-21 14:17 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209766
|
6.0 |
MEDIUM
Local
|
linux
debian
fedoraproject
|
linux_kernel
debian_linux
fedora
|
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctn…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-25211
|
2024-11-21 14:17 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209767
|
7.8 |
HIGH
Local
|
gnupg
gpg4win
|
gnupg
gpg4win
|
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD pre…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-25125
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209768
|
4.8 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25124
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209769
|
4.8 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25123
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209770
|
4.8 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25122
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
