CVE-2020-12764
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.
Source: CVE-2020-12764
CVE-2020-12765
Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal.
Source: CVE-2020-12765
CVE-2020-12766
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter.
Source: CVE-2020-12766
CVE-2020-12761
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.
Source: CVE-2020-12761
CVE-2019-20794
An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace’s pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.
Source: CVE-2019-20794
CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Source: CVE-2020-12762
CVE-2020-12637
Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option.
Source: CVE-2020-12637
CVE-2020-12755
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.
Source: CVE-2020-12755
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.
Source: CVE-2020-11532
CVE-2020-11531
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal.
Source: CVE-2020-11531