ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-35012 | Events Manager < 5.9.8 - Admin+ SQL Injection | E S | |
CVE-2020-35037 | Events Manager < 5.9.8 - Cross-Site Scripting (XSS) | E S | |
CVE-2020-35076 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35090 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35110 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35111 | When an extension with the proxy permission registered to receive | | |
CVE-2020-35112 | If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the download... | | |
CVE-2020-35113 | Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of t... | | |
CVE-2020-35114 | Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evid... | E S | |
CVE-2020-35121 | An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A mal... | | |
CVE-2020-35122 | An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A mal... | | |
CVE-2020-35123 | In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an X... | | |
CVE-2020-35124 | A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows rem... | | |
CVE-2020-35125 | A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remo... | E S | |
CVE-2020-35126 | Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Adm... | | |
CVE-2020-35127 | Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.... | E | |
CVE-2020-35128 | Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an a... | E | |
CVE-2020-35129 | Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an appl... | | |
CVE-2020-35131 | Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Executi... | E | |
CVE-2020-35132 | An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious... | E S | |
CVE-2020-35133 | IrfanView 4.56 contains an error when parsing files of type .pcx, which leads to out-of-bounds... | E | |
CVE-2020-35135 | The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php... | E S | |
CVE-2020-35136 | Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access... | E S | |
CVE-2020-35137 | The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to co... | E | |
CVE-2020-35138 | The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, use... | E | |
CVE-2020-35139 | An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remo... | E | |
CVE-2020-35141 | An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allow... | E | |
CVE-2020-35144 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35145 | Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DL... | | |
CVE-2020-35149 | lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __pr... | S | |
CVE-2020-35151 | The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php reque... | E | |
CVE-2020-35152 | Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows | | |
CVE-2020-35153 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-35154 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-35155 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-35156 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-35157 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-35158 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-35159 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-35160 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-35161 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-35162 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-35163 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versio... | S | |
CVE-2020-35164 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versio... | S | |
CVE-2020-35165 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versio... | | |
CVE-2020-35166 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versio... | | |
CVE-2020-35167 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versio... | S | |
CVE-2020-35168 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versio... | S | |
CVE-2020-35169 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versio... | S | |
CVE-2020-35170 | Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions ... | | |
CVE-2020-35173 | The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for c... | S | |
CVE-2020-35175 | Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.... | S | |
CVE-2020-35176 | In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the... | | |
CVE-2020-35177 | HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP a... | | |
CVE-2020-35184 | The official composer docker images before 1.8.3 contain a blank password for a root user. System us... | | |
CVE-2020-35185 | The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for... | | |
CVE-2020-35186 | The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. Sy... | | |
CVE-2020-35187 | The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password f... | | |
CVE-2020-35188 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-5021. Reason: This candidate... | R | |
CVE-2020-35189 | The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a... | | |
CVE-2020-35190 | The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank p... | | |
CVE-2020-35191 | The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank passwor... | | |
CVE-2020-35192 | The official vault docker images before 0.11.6 contain a blank password for a root user. System usin... | | |
CVE-2020-35193 | The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a ... | | |
CVE-2020-35194 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-5021. Reason: This candidate... | R | |
CVE-2020-35195 | The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password f... | | |
CVE-2020-35196 | The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain... | | |
CVE-2020-35197 | The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password... | | |
CVE-2020-35198 | An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflo... | S | |
CVE-2020-35199 | Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.... | E | |
CVE-2020-35200 | Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.... | E | |
CVE-2020-35201 | Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.... | E | |
CVE-2020-35202 | Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.... | E | |
CVE-2020-35203 | Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers... | E | |
CVE-2020-35204 | Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code ... | E | |
CVE-2020-35205 | Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2... | E | |
CVE-2020-35206 | Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers... | E | |
CVE-2020-35207 | An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.... | E | |
CVE-2020-35208 | An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.... | E | |
CVE-2020-35209 | An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing co... | | |
CVE-2020-35210 | A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft sess... | | |
CVE-2020-35211 | An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target clust... | E | |
CVE-2020-35213 | An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event m... | E | |
CVE-2020-35214 | An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse ... | | |
CVE-2020-35215 | An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix n... | | |
CVE-2020-35216 | An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down ... | | |
CVE-2020-35217 | Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of com... | S | |
CVE-2020-35219 | The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by chan... | | |
CVE-2020-35220 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35801. Reason: This candidat... | R | |
CVE-2020-35221 | The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6... | | |
CVE-2020-35222 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35783. Reason: This candidat... | R | |
CVE-2020-35223 | The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116E... | | |
CVE-2020-35224 | A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116... | | |
CVE-2020-35225 | The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly val... | | |
CVE-2020-35226 | NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP co... | | |
CVE-2020-35227 | A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43... | | |
CVE-2020-35228 | A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116... | | |
CVE-2020-35229 | The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0... | | |
CVE-2020-35230 | Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/... | | |
CVE-2020-35231 | The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an a... | | |
CVE-2020-35232 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35782. Reason: This candidat... | R | |
CVE-2020-35233 | The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices,... | | |
CVE-2020-35234 | The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploit... | E | |
CVE-2020-35235 | vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPres... | E | |
CVE-2020-35236 | The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated... | S | |
CVE-2020-35239 | A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware compone... | | |
CVE-2020-35240 | FluxBB 1.5.11 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerabi... | E | |
CVE-2020-35241 | FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulner... | E | |
CVE-2020-35242 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updat... | E | |
CVE-2020-35243 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updat... | E | |
CVE-2020-35244 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGr... | E | |
CVE-2020-35245 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUs... | E | |
CVE-2020-35249 | Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary... | E | |
CVE-2020-35252 | Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration sect... | E | |
CVE-2020-35257 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35259 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35261 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System... | E | |
CVE-2020-35262 | Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server na... | E | |
CVE-2020-35263 | EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, ... | E | |
CVE-2020-35269 | Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) i... | | |
CVE-2020-35270 | Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker c... | E | |
CVE-2020-35271 | Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site ... | E | |
CVE-2020-35272 | Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site ... | E | |
CVE-2020-35273 | EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Reques... | E | |
CVE-2020-35274 | DotCMS Add Template with admin panel 20.11 is affected by cross-site scripting (XSS) to gain remote ... | E | |
CVE-2020-35275 | Coastercms v5.8.18 is affected by cross-site scripting (XSS). A user can steal a cookie and make the... | E | |
CVE-2020-35276 | EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Lo... | E | |
CVE-2020-35284 | Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensi... | E | |
CVE-2020-35296 | ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted adm... | E | |
CVE-2020-35305 | Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialo... | | |
CVE-2020-35308 | CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by atta... | | |
CVE-2020-35309 | Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which al... | E | |
CVE-2020-35310 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none NOTE: This is disputed by the ve... | R | |
CVE-2020-35313 | A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in... | E | |
CVE-2020-35314 | A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in... | E | |
CVE-2020-35326 | SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/websi... | E | |
CVE-2020-35327 | SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited ... | E | |
CVE-2020-35328 | Courier Management System 1.0 - 'First Name' Stored XSS... | E | |
CVE-2020-35329 | Courier Management System 1.0 is affected by SQL Injection via 'MULTIPART street '.... | E | |
CVE-2020-35337 | ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.ph... | E | |
CVE-2020-35338 | The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Serve... | E | |
CVE-2020-35339 | In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Control... | E | |
CVE-2020-35340 | A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the ... | E | |
CVE-2020-35342 | GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file ... | E | |
CVE-2020-35346 | CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject a... | E | |
CVE-2020-35347 | CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminu... | E | |
CVE-2020-35349 | Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom... | E | |
CVE-2020-35357 | A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL ... | S | |
CVE-2020-35358 | DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On chan... | E | |
CVE-2020-35359 | Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connectio... | E | |
CVE-2020-35362 | DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. ... | E | |
CVE-2020-35364 | Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecti... | E | |
CVE-2020-35370 | A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sendin... | E | |
CVE-2020-35373 | In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.... | E | |
CVE-2020-35376 | Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font ch... | E | |
CVE-2020-35378 | SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arb... | E | |
CVE-2020-35380 | GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.... | E | |
CVE-2020-35381 | jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds o... | E S | |
CVE-2020-35382 | SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new us... | E | |
CVE-2020-35388 | rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=get... | E | |
CVE-2020-35391 | Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly i... | | |
CVE-2020-35395 | XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker ... | E | |
CVE-2020-35396 | EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Att... | E | |
CVE-2020-35398 | An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to... | E | |
CVE-2020-35416 | Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, i... | E | |
CVE-2020-35418 | Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted sv... | E | |
CVE-2020-35419 | Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.... | E | |
CVE-2020-35427 | SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attack... | E | |
CVE-2020-35430 | SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via t... | E | |
CVE-2020-35437 | Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a... | E | |
CVE-2020-35438 | Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5.... | | |
CVE-2020-35441 | FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Ac... | E | |
CVE-2020-35442 | FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell... | E | |
CVE-2020-35448 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in ... | E | |
CVE-2020-35450 | Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls.... | E S | |
CVE-2020-35451 | Oozie local privilege escalation | M | |
CVE-2020-35452 | mod_auth_digest possible stack overflow by one nul byte | | |
CVE-2020-35453 | HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processe... | | |
CVE-2020-35454 | The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user ... | | |
CVE-2020-35455 | The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user ... | | |
CVE-2020-35456 | The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private... | | |
CVE-2020-35457 | GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_op... | E S | |
CVE-2020-35458 | An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injectio... | S | |
CVE-2020-35459 | An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm histor... | E S | |
CVE-2020-35460 | common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip st... | S | |
CVE-2020-35462 | Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. System... | | |
CVE-2020-35463 | Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. S... | | |
CVE-2020-35464 | Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Sys... | | |
CVE-2020-35465 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35466 | The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems d... | | |
CVE-2020-35467 | The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems... | | |
CVE-2020-35468 | The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed... | | |
CVE-2020-35469 | The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user... | | |
CVE-2020-35470 | Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly conn... | S | |
CVE-2020-35471 | Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fa... | E S | |
CVE-2020-35473 | An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Blue... | | |
CVE-2020-35474 | In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS becau... | E | |
CVE-2020-35475 | In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can co... | | |
CVE-2020-35476 | A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the ... | E | |
CVE-2020-35477 | MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one se... | E | |
CVE-2020-35478 | MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially c... | E | |
CVE-2020-35479 | MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself ... | E | |
CVE-2020-35480 | An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hi... | | |
CVE-2020-35481 | SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.... | | |
CVE-2020-35482 | SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.... | | |
CVE-2020-35483 | AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write ... | | |
CVE-2020-35488 | The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers ... | E M | |
CVE-2020-35489 | The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File U... | | |
CVE-2020-35490 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-35491 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-35492 | A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an ... | S | |
CVE-2020-35493 | A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be p... | E S | |
CVE-2020-35494 | There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input f... | E S | |
CVE-2020-35495 | There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be ... | E S | |
CVE-2020-35496 | There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacke... | E S | |
CVE-2020-35497 | A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other user... | | |
CVE-2020-35498 | A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet par... | S | |
CVE-2020-35499 | A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getso... | S | |
CVE-2020-35500 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35501 | A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedl... | M | |
CVE-2020-35502 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and ... | | |
CVE-2020-35503 | A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEM... | | |
CVE-2020-35504 | A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6... | S | |
CVE-2020-35505 | A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in... | S | |
CVE-2020-35506 | A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in ... | | |
CVE-2020-35507 | There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 wh... | E S | |
CVE-2020-35508 | A flaw possibility of race condition and incorrect initialization of the process id was found in the... | S | |
CVE-2020-35509 | A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be a... | | |
CVE-2020-35510 | A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker ... | | |
CVE-2020-35511 | A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) vi... | | |
CVE-2020-35512 | A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <=... | | |
CVE-2020-35513 | A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file s... | S | |
CVE-2020-35514 | An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This fl... | | |
CVE-2020-35515 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35516 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35517 | A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file s... | E S | |
CVE-2020-35518 | When binding against a DN during authentication, the reply from 389-ds-base will be different whethe... | S | |
CVE-2020-35519 | An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux ker... | | |
CVE-2020-35520 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35521 | A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file c... | S | |
CVE-2020-35522 | In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to ... | S | |
CVE-2020-35523 | An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allo... | S | |
CVE-2020-35524 | A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's T... | S | |
CVE-2020-35525 | In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing.... | S | |
CVE-2020-35526 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-35527 | In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a... | S | |
CVE-2020-35528 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-35529 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-35530 | In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\sr... | E S | |
CVE-2020-35531 | In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw... | S | |
CVE-2020-35532 | In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (lib... | E S | |
CVE-2020-35533 | In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" functi... | S | |
CVE-2020-35534 | In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (li... | S | |
CVE-2020-35535 | In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function... | E S | |
CVE-2020-35536 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35537 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35538 | A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by... | S | |
CVE-2020-35539 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35540 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-35541 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-35542 | Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document ... | | |
CVE-2020-35545 | Time-based SQL injection exists in Spotweb 1.4.9 via the query string.... | | |
CVE-2020-35546 | Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access contro... | | |
CVE-2020-35547 | A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenti... | | |
CVE-2020-35548 | An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-e... | | |
CVE-2020-35549 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any app... | | |
CVE-2020-35550 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software... | | |
CVE-2020-35551 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets)... | | |
CVE-2020-35552 | An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0)... | | |
CVE-2020-35553 | An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets... | | |
CVE-2020-35554 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There i... | | |
CVE-2020-35555 | An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configu... | | |
CVE-2020-35556 | An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local n... | | |
CVE-2020-35557 | Improper Access Validation in products of MB connect line and Helmholz | S | |
CVE-2020-35558 | SSRF in products of MB connect line and Helmholz | S | |
CVE-2020-35559 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an ... | | |
CVE-2020-35560 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an ... | | |
CVE-2020-35561 | SSRF in various products of MB connect line and Helmholz | S | |
CVE-2020-35563 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an ... | | |
CVE-2020-35564 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an ... | | |
CVE-2020-35565 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pa... | | |
CVE-2020-35566 | Local file inclusion vulnerability in products of MB connect line and Helmholz | S | |
CVE-2020-35567 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software... | | |
CVE-2020-35568 | Sensitive Information Exposure in products of MB connect line and Helmholz | S | |
CVE-2020-35569 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a s... | | |
CVE-2020-35570 | Forced Browsing vulnerability in products of MB connect line and Helmholz | S | |
CVE-2020-35571 | An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_cu... | | |
CVE-2020-35572 | Adminer through 4.7.8 allows XSS via the history parameter to the default URI.... | E | |
CVE-2020-35573 | srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption... | S | |
CVE-2020-35575 | A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker... | E | |
CVE-2020-35576 | A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware vers... | S | |
CVE-2020-35577 | In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any au... | | |
CVE-2020-35578 | An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-endin... | E | |
CVE-2020-35579 | tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that ... | E | |
CVE-2020-35580 | A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote... | E | |
CVE-2020-35581 | A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attack... | E S | |
CVE-2020-35582 | A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attack... | E S | |
CVE-2020-35584 | In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted chann... | E | |
CVE-2020-35585 | In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attack... | E | |
CVE-2020-35586 | In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-... | E | |
CVE-2020-35587 | In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/dis... | | |
CVE-2020-35588 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-35589 | The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general... | E | |
CVE-2020-35590 | LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allow... | | |
CVE-2020-35591 | Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session... | E | |
CVE-2020-35592 | Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is ab... | E | |
CVE-2020-35593 | BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +R... | E | |
CVE-2020-35594 | Zoho ManageEngine ADManager Plus before 7066 allows XSS.... | | |
CVE-2020-35597 | Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id par... | E | |
CVE-2020-35598 | ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/... | E | |
CVE-2020-35604 | An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.... | E | |
CVE-2020-35605 | The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execut... | E S | |
CVE-2020-35606 | Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package U... | E | |
CVE-2020-35608 | A code execution vulnerability exists in the normal world’s signed code execution functionality of M... | E | |
CVE-2020-35609 | A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure ... | E | |
CVE-2020-35610 | [20201101] - Core - com_finder ignores access levels on autosuggest | | |
CVE-2020-35611 | [20201102] - Core - Disclosure of secrets in Global Configuration page | | |
CVE-2020-35612 | [20201103] - Core - Path traversal in mod_random_image | | |
CVE-2020-35613 | [20201104] - Core - SQL injection in com_users list view | | |
CVE-2020-35614 | [20201105] - Core - User Enumeration in backend login | | |
CVE-2020-35615 | [20201106] - Core - CSRF in com_privacy emailexport feature | | |
CVE-2020-35616 | [20201107] - Core - Write ACL violation in multiple core views | | |
CVE-2020-35617 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-35618 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-35619 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-35620 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-35621 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-35622 | An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsag... | S | |
CVE-2020-35623 | An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper usern... | E S | |
CVE-2020-35624 | An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote... | S | |
CVE-2020-35625 | An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the abi... | | |
CVE-2020-35626 | An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form ... | S | |
CVE-2020-35627 | Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftC... | E | |
CVE-2020-35628 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-... | | |
CVE-2020-35629 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-35630 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-35631 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-35632 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-35633 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-... | E | |
CVE-2020-35634 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-... | E | |
CVE-2020-35635 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-... | E | |
CVE-2020-35636 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-... | E | |
CVE-2020-35650 | Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allo... | | |
CVE-2020-35652 | An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16... | E | |
CVE-2020-35653 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because th... | | |
CVE-2020-35654 | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr file... | | |
CVE-2020-35655 | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE ima... | | |
CVE-2020-35656 | Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted ... | E | |
CVE-2020-35657 | Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted ... | E | |
CVE-2020-35658 | SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.... | E | |
CVE-2020-35659 | The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability ... | S | |
CVE-2020-35660 | Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.... | E S | |
CVE-2020-35662 | In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL cert... | | |
CVE-2020-35664 | An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site... | | |
CVE-2020-35665 | An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shel... | E | |
CVE-2020-35666 | Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implemen... | E | |
CVE-2020-35667 | JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user... | | |
CVE-2020-35668 | RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it... | E S | |
CVE-2020-35669 | An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HT... | E S | |
CVE-2020-35674 | BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /m... | | |
CVE-2020-35675 | BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to mo... | | |
CVE-2020-35676 | BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user re... | E | |
CVE-2020-35677 | BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters u... | | |
CVE-2020-35678 | Autobahn|Python before 20.12.3 allows redirect header injection.... | S | |
CVE-2020-35679 | smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to tr... | S | |
CVE-2020-35680 | smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers t... | S | |
CVE-2020-35681 | Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a diff... | E | |
CVE-2020-35682 | Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML lo... | | |
CVE-2020-35683 | An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchec... | M | |
CVE-2020-35684 | An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an uncheck... | M | |
CVE-2020-35685 | An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISN... | M | |
CVE-2020-35686 | The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, d... | | |
CVE-2020-35687 | PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messa... | E | |
CVE-2020-35693 | On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-con... | E | |
CVE-2020-35698 | Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). ... | | |
CVE-2020-35700 | A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboar... | E S | |
CVE-2020-35701 | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.p... | E | |
CVE-2020-35702 | DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafte... | E | |
CVE-2020-35704 | Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen.... | E | |
CVE-2020-35705 | Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen.... | E | |
CVE-2020-35706 | Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.... | E | |
CVE-2020-35707 | Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen.... | E | |
CVE-2020-35708 | phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Con... | E | |
CVE-2020-35709 | bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/oct... | E | |
CVE-2020-35710 | Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP addr... | E | |
CVE-2020-35711 | An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use... | E S | |
CVE-2020-35712 | Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.... | | |
CVE-2020-35713 | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary command... | E | |
CVE-2020-35714 | Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrar... | E | |
CVE-2020-35715 | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitra... | E | |
CVE-2020-35716 | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial... | E | |
CVE-2020-35717 | zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because no... | E | |
CVE-2020-35719 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i... | E | |
CVE-2020-35720 | Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in mu... | E | |
CVE-2020-35721 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i... | E | |
CVE-2020-35722 | CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force ... | E | |
CVE-2020-35723 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i... | E | |
CVE-2020-35724 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i... | E | |
CVE-2020-35725 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i... | E | |
CVE-2020-35726 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i... | E | |
CVE-2020-35727 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i... | E | |
CVE-2020-35728 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | S | |
CVE-2020-35729 | KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.p... | E | |
CVE-2020-35730 | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x befor... | KEV S | |
CVE-2020-35733 | An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an ... | | |
CVE-2020-35734 | Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Re... | E | |
CVE-2020-35735 | Vidyo 02-09-/D allows clickjacking via the portal/ URI.... | E | |
CVE-2020-35736 | GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traver... | E | |
CVE-2020-35737 | In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users'... | E | |
CVE-2020-35738 | WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer... | E S | |
CVE-2020-35740 | HGiga MailSherlock - XSS -1 | S | |
CVE-2020-35741 | HGiga MailSherlock - XSS -2 | S | |
CVE-2020-35742 | HGiga MailSherlock - SQL Injection -1 | S | |
CVE-2020-35743 | HGiga MailSherlock - SQL Injection -3 | S | |
CVE-2020-35745 | PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php... | E | |
CVE-2020-35748 | Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player ... | E | |
CVE-2020-35749 | Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simpl... | E | |
CVE-2020-35752 | Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab ... | E | |
CVE-2020-35753 | The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 thr... | E | |
CVE-2020-35754 | OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code inject... | E | |
CVE-2020-35755 | An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVR... | E | |
CVE-2020-35756 | An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS C... | E | |
CVE-2020-35757 | An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB... | E | |
CVE-2020-35758 | An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is an Authentication Bypass ... | E | |
CVE-2020-35759 | bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content... | E | |
CVE-2020-35760 | bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicio... | E | |
CVE-2020-35761 | bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Co... | E | |
CVE-2020-35762 | bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers ... | E | |
CVE-2020-35765 | doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager t... | E | |
CVE-2020-35766 | The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a... | E S | |
CVE-2020-35769 | miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI p... | S | |
CVE-2020-35773 | The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce... | E S | |
CVE-2020-35774 | server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.1... | S | |
CVE-2020-35775 | CITSmart before 9.1.2.23 allows LDAP Injection.... | | |
CVE-2020-35776 | A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, an... | E S | |
CVE-2020-35777 | NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.... | | |
CVE-2020-35778 | Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 bef... | | |
CVE-2020-35779 | NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.... | | |
CVE-2020-35780 | NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.... | | |
CVE-2020-35781 | NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.... | | |
CVE-2020-35782 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects J... | E | |
CVE-2020-35783 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects J... | | |
CVE-2020-35784 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects J... | | |
CVE-2020-35785 | NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-20... | | |
CVE-2020-35786 | NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user.... | | |
CVE-2020-35787 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D36... | | |
CVE-2020-35788 | NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user.... | | |
CVE-2020-35789 | NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user.... | | |
CVE-2020-35790 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D78... | | |
CVE-2020-35791 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R78... | | |
CVE-2020-35792 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R75... | | |
CVE-2020-35793 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D78... | | |
CVE-2020-35794 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS... | | |
CVE-2020-35795 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affec... | | |
CVE-2020-35796 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affec... | | |
CVE-2020-35797 | NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attac... | | |
CVE-2020-35798 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2020-35799 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker... | | |
CVE-2020-35800 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects A... | | |
CVE-2020-35801 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects J... | | |
CVE-2020-35802 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 befo... | | |
CVE-2020-35803 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 befo... | | |
CVE-2020-35804 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7800 befo... | | |
CVE-2020-35805 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35806 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35807 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before... | | |
CVE-2020-35808 | Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before... | | |
CVE-2020-35809 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35810 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35811 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35812 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35813 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before... | | |
CVE-2020-35814 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before... | | |
CVE-2020-35815 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35816 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35817 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35818 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35819 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35820 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35821 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before... | | |
CVE-2020-35822 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35823 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35824 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35825 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35826 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35827 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before... | | |
CVE-2020-35828 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK20 before... | | |
CVE-2020-35829 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before... | | |
CVE-2020-35830 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35831 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35832 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35833 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35834 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35835 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35836 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35837 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35838 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35839 | Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-35840 | Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 befor... | | |
CVE-2020-35841 | Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 befor... | | |
CVE-2020-35842 | Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 befor... | | |
CVE-2020-35843 | FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x9... | E | |
CVE-2020-35844 | FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xb... | E | |
CVE-2020-35845 | FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x9... | E | |
CVE-2020-35846 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.... | E S | |
CVE-2020-35847 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword func... | E S | |
CVE-2020-35848 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword functi... | E S | |
CVE-2020-35849 | An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_pa... | E | |
CVE-2020-35850 | An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agen... | E | |
CVE-2020-35851 | HGiga MailSherlock - Command Injection | S | |
CVE-2020-35852 | Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SV... | E M | |
CVE-2020-35853 | 4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Imag... | E | |
CVE-2020-35854 | Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.... | E | |
CVE-2020-35856 | SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Custo... | | |
CVE-2020-35857 | An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null ta... | E | |
CVE-2020-35858 | An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a c... | E S | |
CVE-2020-35859 | An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles si... | S | |
CVE-2020-35860 | An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferen... | E | |
CVE-2020-35861 | An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the r... | E S | |
CVE-2020-35862 | An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion lead... | E | |
CVE-2020-35863 | An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur... | S | |
CVE-2020-35864 | An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar (and read_... | E | |
CVE-2020-35865 | An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust. It has false expectations a... | S | |
CVE-2020-35866 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated ... | | |
CVE-2020-35867 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated ... | | |
CVE-2020-35868 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated ... | | |
CVE-2020-35869 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated ... | | |
CVE-2020-35870 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated ... | | |
CVE-2020-35871 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated ... | | |
CVE-2020-35872 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated ... | | |
CVE-2020-35873 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated ... | | |
CVE-2020-35874 | An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a r... | E S | |
CVE-2020-35875 | An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may... | S | |
CVE-2020-35876 | An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowi... | | |
CVE-2020-35877 | An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated be... | | |
CVE-2020-35878 | An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated be... | | |
CVE-2020-35879 | An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifet... | E S | |
CVE-2020-35880 | An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness viola... | S | |
CVE-2020-35881 | An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectati... | E S | |
CVE-2020-35882 | An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more ... | E S | |
CVE-2020-35883 | An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal ... | | |
CVE-2020-35884 | An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling c... | | |
CVE-2020-35885 | An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper ... | | |
CVE-2020-35886 | An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sy... | | |
CVE-2020-35887 | An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in ... | | |
CVE-2020-35888 | An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is droppe... | | |
CVE-2020-35889 | An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a result... | | |
CVE-2020-35890 | An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memo... | E | |
CVE-2020-35891 | An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memo... | E | |
CVE-2020-35892 | An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bou... | | |
CVE-2020-35893 | An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one e... | | |
CVE-2020-35894 | An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.... | | |
CVE-2020-35895 | An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds writ... | | |
CVE-2020-35896 | An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not prop... | | |
CVE-2020-35897 | An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allow... | | |
CVE-2020-35898 | An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allo... | E S | |
CVE-2020-35899 | An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation al... | E | |
CVE-2020-35900 | An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may ... | E | |
CVE-2020-35901 | An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-... | E S | |
CVE-2020-35902 | An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-... | E | |
CVE-2020-35903 | An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element a... | E | |
CVE-2020-35904 | An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expec... | E S | |
CVE-2020-35905 | An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a... | E S | |
CVE-2020-35906 | An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cau... | E S | |
CVE-2020-35907 | An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_re... | E | |
CVE-2020-35908 | An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead t... | | |
CVE-2020-35909 | An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code c... | S | |
CVE-2020-35910 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because o... | S | |
CVE-2020-35911 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because o... | | |
CVE-2020-35912 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because o... | | |
CVE-2020-35913 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because o... | | |
CVE-2020-35914 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because o... | | |
CVE-2020-35915 | An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allo... | E | |
CVE-2020-35916 | An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutabl... | E | |
CVE-2020-35917 | An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting erro... | E S | |
CVE-2020-35918 | An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid ba... | E S | |
CVE-2020-35919 | An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about th... | E | |
CVE-2020-35920 | An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about... | E | |
CVE-2020-35921 | An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the... | E | |
CVE-2020-35922 | An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the ... | E | |
CVE-2020-35923 | An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A Not... | E | |
CVE-2020-35924 | An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex | E | |
CVE-2020-35925 | An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer a... | E | |
CVE-2020-35926 | An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number gen... | | |
CVE-2020-35927 | An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex | | |
CVE-2020-35928 | An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<... | E | |
CVE-2020-35929 | In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-... | S | |
CVE-2020-35930 | Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by... | E | |
CVE-2020-35931 | An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF bef... | S | |
CVE-2020-35932 | Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated re... | E | |
CVE-2020-35933 | A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6... | E | |
CVE-2020-35934 | The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (i... | E | |
CVE-2020-35935 | The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile... | E | |
CVE-2020-35936 | Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPres... | E | |
CVE-2020-35937 | Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for Wor... | E | |
CVE-2020-35938 | PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remot... | E | |
CVE-2020-35939 | PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow ... | E | |
CVE-2020-35942 | A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress a... | E | |
CVE-2020-35943 | A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress a... | E | |
CVE-2020-35944 | An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_p... | E | |
CVE-2020-35945 | An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 fo... | E | |
CVE-2020-35946 | An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Descri... | E | |
CVE-2020-35947 | An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX a... | E S | |
CVE-2020-35948 | An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gav... | E | |
CVE-2020-35949 | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it ... | E | |
CVE-2020-35950 | An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It al... | E | |
CVE-2020-35951 | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows u... | E | |
CVE-2020-35952 | login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages tha... | E | |
CVE-2020-35962 | The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring... | E | |
CVE-2020-35963 | flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it doe... | E S | |
CVE-2020-35964 | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrec... | E S | |
CVE-2020-35965 | decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in cal... | E S | |
CVE-2020-35970 | An issue was discovered in YzmCMS 5.8. There is an SSRF vulnerability in the background collection ma... | E | |
CVE-2020-35971 | A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS cod... | E | |
CVE-2020-35972 | An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accou... | E | |
CVE-2020-35973 | An issue was discovered in zzcms2020. There is an XSS vulnerability that can insert and execute JS co... | E | |
CVE-2020-35979 | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the ... | E S | |
CVE-2020-35980 | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function g... | E S | |
CVE-2020-35981 | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in ... | E S | |
CVE-2020-35982 | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in ... | E S | |
CVE-2020-35984 | A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2... | E | |
CVE-2020-35985 | A stored cross site scripting (XSS) vulnerability in the 'Global Lists' feature of Rukovoditel 2.7.2... | E | |
CVE-2020-35986 | A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovodite... | E | |
CVE-2020-35987 | A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.... | E | |
CVE-2020-35990 | Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software ... | | |
CVE-2020-35992 | Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker w... | | |