CVE-2020-7995
published 2020-01-26CVE-2020-7995: The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
PriorityP352critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.54%
90.4th percentile
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr_erp_crm | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Dolibarr Improper Restriction of Excessive Authentication Attempts
ghsa·2022-05-24
CVE-2020-7995 [CRITICAL] CWE-287 Dolibarr Improper Restriction of Excessive Authentication Attempts
Dolibarr Improper Restriction of Excessive Authentication Attempts
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
OSV
Dolibarr Improper Restriction of Excessive Authentication Attempts
osv·2022-05-24
CVE-2020-7995 [CRITICAL] Dolibarr Improper Restriction of Excessive Authentication Attempts
Dolibarr Improper Restriction of Excessive Authentication Attempts
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
OSV
CVE-2020-7995: The htdocs/index
osv·2020-01-26·CVSS 9.8
CVE-2020-7995 [CRITICAL] CVE-2020-7995: The htdocs/index
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
Red Hat
kernel: drop_monitor: fix incorrect initialization order
vendor_redhat·2025-03-12·CVSS 5.5
CVE-2025-21862 [MEDIUM] CWE-908 kernel: drop_monitor: fix incorrect initialization order
kernel: drop_monitor: fix incorrect initialization order
In the Linux kernel, the following vulnerability has been resolved:
drop_monitor: fix incorrect initialization order
Syzkaller reports the following bug:
BUG: spinlock bad magic on CPU#1, syz-executor.0/7995
lock: 0xffff88805303f3e0, .magic: 00000000, .owner: /-1, .owner_cpu: 0
CPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x119/0x179 lib/dump_stack.c:118
debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]
do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [
No detection rules found.
No public exploits indexed.
arXiv
VulRG: Multi-Level Explainable Vulnerability Patch Ranking for Complex Systems Using Graphs
arxiv_fulltext·2025-02-16
VulRG: Multi-Level Explainable Vulnerability Patch Ranking for Complex Systems Using Graphs
VulRG: Multi-Level Explainable Vulnerability Patch Ranking for Complex Systems Using Graphs
Yuning Jiang
[email protected]
0000-0003-4791-8452
National University of Singapore
Singapore
Nay Oo
[email protected]
NCS Cyber Special Ops R&D
Singapore
Qiaoran Meng
[email protected]
National University of Singapore
Singapore
Hoon Wei Lim
[email protected]
NCS Cyber Special Ops R&D
Singapore
Biplab Sikdar
[email protected]
National University of Singapore
Singapore
Jiang et al.
## Abstract
As interconnected systems proliferate, safeguarding complex infrastructures against an escalating array of cyber threats has become an urgent challenge. The growing number of vulnerabilities, coupled with resource constraints, makes addressing every vulnerability impractical, thereby rende
Bugzilla
CVE-2025-21862 kernel: drop_monitor: fix incorrect initialization order
bugzilla·2025-03-12·CVSS 5.5
CVE-2025-21862 [MEDIUM] CVE-2025-21862 kernel: drop_monitor: fix incorrect initialization order
CVE-2025-21862 kernel: drop_monitor: fix incorrect initialization order
In the Linux kernel, the following vulnerability has been resolved:
drop_monitor: fix incorrect initialization order
Syzkaller reports the following bug:
BUG: spinlock bad magic on CPU#1, syz-executor.0/7995
lock: 0xffff88805303f3e0, .magic: 00000000, .owner: /-1, .owner_cpu: 0
CPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x119/0x179 lib/dump_stack.c:118
debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]
do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112
__raw_spin_lock_irqsave include/linux/spinlo
http://packetstormsecurity.com/files/163541/Dolibarr-ERP-CRM-10.0.6-Login-Brute-Forcer.htmlhttps://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.mdhttps://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.htmlhttp://packetstormsecurity.com/files/163541/Dolibarr-ERP-CRM-10.0.6-Login-Brute-Forcer.htmlhttps://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.mdhttps://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html
2020-01-26
Published