CVE-2019-5543

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

Source: CVE-2019-5543

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.

Source: CVE-2020-5844

CVE-2020-5847

Unraid through 6.8.0 allows Remote Code Execution.

Source: CVE-2020-5847

CVE-2020-5849

Unraid 6.8.0 allows authentication bypass.

Source: CVE-2020-5849

CVE-2020-6582

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.

Source: CVE-2020-6582

CVE-2019-19946

The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team.

Source: CVE-2019-19946

CVE-2019-19945

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value.

Source: CVE-2019-19945

CVE-2019-19821

A post-authentication privilege escalation in the web application of Combodo iTop before 2.7 allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses.

Source: CVE-2019-19821

CVE-2020-6584

Nagios Log Server 2.1.3 has Incorrect Access Control.

Source: CVE-2020-6584

CVE-2020-6990

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.

Source: CVE-2020-6990