CVE-2020-25643

HIGH Year: 2020
CVSS v3 Score
7.2
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-20
View all →

Vulnerability Description

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Related Vulnerabilities

CVE-2011-3611

HIGH
CVSS:7.2(High)

A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.

CWE-202011

CVE-2014-5362

HIGH
CVSS:7.2(High)

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ...

CWE-202014

CVE-2015-2202

HIGH
CVSS:7.2(High)

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

CWE-202015

CVE-2016-3654

HIGH
CVSS:7.2(High)

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote aut...

CWE-202016

CVE-2016-5840

HIGH
CVSS:7.2(High)

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename ...

CWE-202016

CVE-2017-12148

HIGH
CVSS:7.2(High)

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacke...

CWE-202017