Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10483 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request. | |||||
| CVE-2020-10482 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request. | |||||
| CVE-2020-10481 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request. | |||||
| CVE-2020-10479 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request. | |||||
| CVE-2020-10486 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request. | |||||
| CVE-2020-10485 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request. | |||||
| CVE-2020-10484 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request. | |||||
| CVE-2020-6615 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-09-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). | |||||
| CVE-2020-6611 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-09-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. | |||||
| CVE-2020-6609 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-09-12 | 6.8 MEDIUM | 8.8 HIGH |
| GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. | |||||
| CVE-2020-6614 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-09-12 | 5.8 MEDIUM | 8.1 HIGH |
| GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. | |||||
| CVE-2020-6613 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-09-12 | 5.8 MEDIUM | 8.1 HIGH |
| GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. | |||||
| CVE-2020-6612 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-09-12 | 5.8 MEDIUM | 8.1 HIGH |
| GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. | |||||
| CVE-2020-8448 | 1 Ossec | 1 Ossec | 2022-09-12 | 2.1 LOW | 5.5 MEDIUM |
| In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user. | |||||
| CVE-2020-8447 | 1 Ossec | 1 Ossec | 2022-09-12 | 7.5 HIGH | 9.8 CRITICAL |
| In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). | |||||
| CVE-2020-8442 | 1 Ossec | 1 Ossec | 2022-09-12 | 6.5 MEDIUM | 8.8 HIGH |
| In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client. | |||||
| CVE-2020-8446 | 1 Ossec | 1 Ossec | 2022-09-12 | 2.1 LOW | 5.5 MEDIUM |
| In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user. | |||||
| CVE-2020-8445 | 1 Ossec | 1 Ossec | 2022-09-12 | 10.0 HIGH | 9.8 CRITICAL |
| In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed by ossec-analysisd, it may be possible to inject nested events into the ossec log. Use of terminal control characters may allow obfuscating events or executing commands when viewed through vulnerable terminal emulators. This may be an unauthenticated remote attack for certain types and origins of logged data. | |||||
| CVE-2020-8444 | 1 Ossec | 1 Ossec | 2022-09-12 | 7.5 HIGH | 9.8 CRITICAL |
| In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). | |||||
| CVE-2022-37780 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2022-09-12 | N/A | 7.2 HIGH |
| Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function. | |||||