CVE-2020-7920
pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.
Source: CVE-2020-7920
[월:] 2020년 02월
CVE-2020-6767
CVE-2020-6767
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.
Source: CVE-2020-6767
CVE-2020-7953
CVE-2020-7953
An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option.
Source: CVE-2020-7953
CVE-2020-8636
CVE-2020-8636
An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution .
Source: CVE-2020-8636
CVE-2020-8771
CVE-2020-8771
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
Source: CVE-2020-8771
CVE-2020-8608
CVE-2020-8608
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
Source: CVE-2020-8608
CVE-2020-6855
CVE-2020-6855
A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service.
Source: CVE-2020-6855
CVE-2020-7954
CVE-2020-7954
An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server’s sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo.
Source: CVE-2020-7954
CVE-2019-19800
CVE-2019-19800
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.
Source: CVE-2019-19800
CVE-2019-12426
CVE-2019-12426
an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06
Source: CVE-2019-12426