|
211921
|
6.3 |
MEDIUM
Local
|
spice-space
debian
fedoraproject
|
spice-vdagent
debian_linux
fedora
|
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice…
|
CWE-362
Race Condition
|
CVE-2020-25653
|
2024-11-21 14:18 |
2020-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211922
|
5.5 |
MEDIUM
Local
|
spice-space
debian
fedoraproject
|
spice-vdagent
debian_linux
fedora
|
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any …
|
-
|
CVE-2020-25652
|
2024-11-21 14:18 |
2020-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211923
|
6.4 |
MEDIUM
Local
|
spice-space
debian
fedoraproject
|
spice-vdagent
debian_linux
fedora
|
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active fil…
|
-
|
CVE-2020-25651
|
2024-11-21 14:18 |
2020-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211924
|
5.5 |
MEDIUM
Local
|
spice-space
debian
fedoraproject
|
spice-vdagent
debian_linux
fedora
|
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path …
|
-
|
CVE-2020-25650
|
2024-11-21 14:18 |
2020-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211925
|
7.2 |
HIGH
Network
|
clusterlabs
debian
|
pacemaker
debian_linux
|
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tas…
|
NVD-CWE-Other
|
CVE-2020-25654
|
2024-11-21 14:18 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211926
|
5.3 |
MEDIUM
Network
|
redhat
|
wildfly
|
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-25640
|
2024-11-21 14:18 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211927
|
9.8 |
CRITICAL
Network
|
newsscriptphp
|
news_script_php_pro
|
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.
|
CWE-89
SQL Injection
|
CVE-2020-25475
|
2024-11-21 14:18 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211928
|
6.1 |
MEDIUM
Network
|
newsscriptphp
|
news_script_php_pro
|
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25474
|
2024-11-21 14:18 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211929
|
6.5 |
MEDIUM
Network
|
newsscriptphp
|
news_script_php_pro
|
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.
|
NVD-CWE-Other
|
CVE-2020-25473
|
2024-11-21 14:18 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211930
|
6.5 |
MEDIUM
Network
|
newsscriptphp
|
news_script_php_pro
|
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.
|
CWE-352
Origin Validation Error
|
CVE-2020-25472
|
2024-11-21 14:18 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
