Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-07 | CVE-2020-29600 | Path Traversal vulnerability in multiple products In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. | 9.8 |
2020-11-19 | CVE-2019-20933 | Improper Authentication vulnerability in multiple products InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | 9.8 |
2020-11-06 | CVE-2020-25592 | Improper Authentication vulnerability in multiple products In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. | 9.8 |
2020-11-06 | CVE-2020-16846 | OS Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt through 3002. | 9.8 |
2020-11-05 | CVE-2020-17510 | Improper Authentication vulnerability in multiple products Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | 9.8 |
2020-11-02 | CVE-2020-28039 | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | 9.1 |
2020-11-02 | CVE-2020-28037 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | 9.8 |
2020-11-02 | CVE-2020-28036 | Missing Authorization vulnerability in multiple products wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | 9.8 |
2020-11-02 | CVE-2020-28035 | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | 9.8 |
2020-11-02 | CVE-2020-28032 | Deserialization of Untrusted Data vulnerability in multiple products WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | 9.8 |