ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-36002 | Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where... | E | |
CVE-2020-36003 | The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL inje... | E | |
CVE-2020-36004 | AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers... | E | |
CVE-2020-36005 | AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers... | E | |
CVE-2020-36006 | AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attacker... | E | |
CVE-2020-36007 | AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripting attack vulnerability which ... | E | |
CVE-2020-36008 | OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability.... | E | |
CVE-2020-36009 | OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability.... | E | |
CVE-2020-36011 | A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1... | E | |
CVE-2020-36012 | Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin ... | E | |
CVE-2020-36023 | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a d... | E S | |
CVE-2020-36024 | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a d... | E S | |
CVE-2020-36033 | SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to editu... | E | |
CVE-2020-36034 | SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote... | E | |
CVE-2020-36037 | An issue was discovered in wuzhicms version 4.1.0, allows remote attackers to execute arbitrary code ... | E | |
CVE-2020-36048 | Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a PO... | E S | |
CVE-2020-36049 | socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via... | E S | |
CVE-2020-36051 | Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read ... | E | |
CVE-2020-36052 | Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to inclu... | E | |
CVE-2020-36056 | Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a... | | |
CVE-2020-36062 | Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source... | E | |
CVE-2020-36064 | Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code w... | | |
CVE-2020-36065 | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary admi... | E | |
CVE-2020-36066 | GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.... | E | |
CVE-2020-36067 | GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out... | | |
CVE-2020-36070 | Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to exec... | | |
CVE-2020-36071 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated atta... | E | |
CVE-2020-36072 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execut... | E | |
CVE-2020-36073 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execut... | E | |
CVE-2020-36074 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute... | E | |
CVE-2020-36077 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute... | | |
CVE-2020-36079 | Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code ex... | E | |
CVE-2020-36082 | File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrar... | E | |
CVE-2020-36084 | SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attacke... | E | |
CVE-2020-36085 | Stored Cross Site Scripting (XSS) vulnerability in Egavilan Media Resumes Management and Job Applicat... | | |
CVE-2020-36109 | ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_... | | |
CVE-2020-36112 | CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based ... | E | |
CVE-2020-36115 | Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bo... | E | |
CVE-2020-36120 | Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to ... | E | |
CVE-2020-36123 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36124 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) inj... | E | |
CVE-2020-36125 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control wher... | E | |
CVE-2020-36126 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that... | E | |
CVE-2020-36127 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vul... | E | |
CVE-2020-36128 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerabilit... | E | |
CVE-2020-36129 | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.... | E | |
CVE-2020-36130 | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c... | E | |
CVE-2020-36131 | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.... | E | |
CVE-2020-36133 | AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partitio... | E | |
CVE-2020-36134 | AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad... | E | |
CVE-2020-36135 | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.... | E | |
CVE-2020-36136 | SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive infor... | E | |
CVE-2020-36138 | An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote at... | S | |
CVE-2020-36139 | BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payl... | E | |
CVE-2020-36140 | BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demo... | E | |
CVE-2020-36141 | BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by ... | E | |
CVE-2020-36142 | BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the '... | E | |
CVE-2020-36144 | Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of spe... | | |
CVE-2020-36148 | Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will... | E | |
CVE-2020-36149 | Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will... | E | |
CVE-2020-36150 | Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead t... | E S | |
CVE-2020-36151 | Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5... | E S | |
CVE-2020-36152 | Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers ... | E S | |
CVE-2020-36154 | The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Every... | E | |
CVE-2020-36155 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat... | E | |
CVE-2020-36156 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated... | E | |
CVE-2020-36157 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat... | E | |
CVE-2020-36158 | mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel t... | S | |
CVE-2020-36159 | Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup p... | | |
CVE-2020-36160 | An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL li... | | |
CVE-2020-36161 | An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on ... | | |
CVE-2020-36162 | An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent le... | | |
CVE-2020-36163 | An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes usin... | | |
CVE-2020-36164 | An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL ... | | |
CVE-2020-36165 | An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads... | | |
CVE-2020-36166 | An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation throug... | | |
CVE-2020-36167 | An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543... | | |
CVE-2020-36168 | An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows ... | | |
CVE-2020-36169 | An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processe... | | |
CVE-2020-36170 | The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in ... | | |
CVE-2020-36171 | The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uplo... | | |
CVE-2020-36172 | The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in ... | | |
CVE-2020-36173 | The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.... | | |
CVE-2020-36174 | The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.... | | |
CVE-2020-36175 | The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the e... | | |
CVE-2020-36176 | The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforc... | | |
CVE-2020-36177 | RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain rel... | E S | |
CVE-2020-36178 | oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injec... | E | |
CVE-2020-36179 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36180 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36181 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36182 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36183 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36184 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36185 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36186 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36187 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36188 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36189 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg... | E S | |
CVE-2020-36190 | RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.... | E S | |
CVE-2020-36191 | JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstr... | E | |
CVE-2020-36192 | An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can ... | E | |
CVE-2020-36193 | Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadeq... | KEV S | |
CVE-2020-36194 | XSS Vulnerability in QTS and QuTS hero / Command Injection Vulnerabilities in QTS and QuTS hero | S | |
CVE-2020-36195 | SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On | S | |
CVE-2020-36196 | Stored XSS Vulnerability in QuLog Center | S | |
CVE-2020-36197 | Improper Access Control Vulnerability in Music Station | S | |
CVE-2020-36198 | Command Injection Vulnerability in Malware Remover | S | |
CVE-2020-36199 | TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient... | S | |
CVE-2020-36200 | TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET r... | S | |
CVE-2020-36201 | An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords... | S | |
CVE-2020-36202 | An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur whe... | S | |
CVE-2020-36203 | An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send... | E | |
CVE-2020-36204 | An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have... | E | |
CVE-2020-36205 | An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soun... | E | |
CVE-2020-36206 | An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync ... | | |
CVE-2020-36207 | An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec | | |
CVE-2020-36208 | An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur f... | E | |
CVE-2020-36209 | An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented ... | E | |
CVE-2020-36210 | An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on array... | E | |
CVE-2020-36211 | An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have... | E | |
CVE-2020-36212 | An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness b... | E | |
CVE-2020-36213 | An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an i... | | |
CVE-2020-36214 | An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can ... | E | |
CVE-2020-36215 | An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not hav... | E | |
CVE-2020-36216 | An issue was discovered in Input | E | |
CVE-2020-36217 | An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not h... | E | |
CVE-2020-36218 | An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does ... | E | |
CVE-2020-36219 | An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption... | E | |
CVE-2020-36220 | An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer | E | |
CVE-2020-36221 | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certif... | S | |
CVE-2020-36222 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the sasl... | S | |
CVE-2020-36223 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter... | S | |
CVE-2020-36224 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash i... | S | |
CVE-2020-36225 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the sasl... | S | |
CVE-2020-36226 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd ... | S | |
CVE-2020-36227 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel... | S | |
CVE-2020-36228 | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certif... | S | |
CVE-2020-36229 | A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.... | S | |
CVE-2020-36230 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.50... | S | |
CVE-2020-36231 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metada... | | |
CVE-2020-36232 | The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 befo... | S | |
CVE-2020-36233 | The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9... | | |
CVE-2020-36234 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrar... | | |
CVE-2020-36235 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to... | | |
CVE-2020-36236 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrar... | | |
CVE-2020-36237 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to... | | |
CVE-2020-36238 | The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version... | S | |
CVE-2020-36239 | Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16,... | S | |
CVE-2020-36240 | The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4... | | |
CVE-2020-36241 | autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other ... | E S | |
CVE-2020-36242 | In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrica... | E S | |
CVE-2020-36243 | The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface... | E S | |
CVE-2020-36244 | The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow t... | S | |
CVE-2020-36245 | GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutom... | E | |
CVE-2020-36246 | Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters ... | | |
CVE-2020-36247 | Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.... | | |
CVE-2020-36248 | The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN prefer... | | |
CVE-2020-36249 | The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions ... | | |
CVE-2020-36250 | In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed b... | | |
CVE-2020-36251 | ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a gr... | | |
CVE-2020-36252 | ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to ... | | |
CVE-2020-36254 | scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue ... | S | |
CVE-2020-36255 | An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca imp... | S | |
CVE-2020-36256 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-36257 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36258 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36259 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36260 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36261 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36262 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36263 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36264 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36265 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36266 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36267 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36268 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36269 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36270 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36271 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36272 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36273 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36274 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36275 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36276 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36277 | Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift i... | E S | |
CVE-2020-36278 | Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.... | E S | |
CVE-2020-36279 | Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adapt... | E S | |
CVE-2020-36280 | Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to ti... | E S | |
CVE-2020-36281 | Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in col... | E S | |
CVE-2020-36282 | JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserializati... | S | |
CVE-2020-36283 | HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet... | M | |
CVE-2020-36284 | Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic ... | | |
CVE-2020-36285 | Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptograp... | | |
CVE-2020-36286 | The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version... | | |
CVE-2020-36287 | The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Ji... | | |
CVE-2020-36288 | The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from vers... | | |
CVE-2020-36289 | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerat... | | |
CVE-2020-36290 | The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 b... | | |
CVE-2020-36306 | Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.... | | |
CVE-2020-36307 | Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.... | | |
CVE-2020-36308 | Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visibl... | | |
CVE-2020-36309 | ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in a... | S | |
CVE-2020-36310 | An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_r... | | |
CVE-2020-36311 | An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to c... | S | |
CVE-2020-36312 | An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unre... | S | |
CVE-2020-36313 | An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access... | S | |
CVE-2020-36314 | fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other softwa... | E S | |
CVE-2020-36315 | In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of th... | E S | |
CVE-2020-36316 | In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because... | E S | |
CVE-2020-36317 | In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem.... | E S | |
CVE-2020-36318 | In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the sam... | E S | |
CVE-2020-36319 | Potential sensitive data exposure in applications using Vaadin 15 | S | |
CVE-2020-36320 | Regular expression Denial of Service (ReDoS) in EmailValidator class in Vaadin 7 | E S | |
CVE-2020-36321 | Directory traversal in development mode handler in Vaadin 14 and 15-17 | S | |
CVE-2020-36322 | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka... | S | |
CVE-2020-36323 | In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can... | S | |
CVE-2020-36324 | Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not... | S | |
CVE-2020-36325 | An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an ... | E | |
CVE-2020-36326 | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment... | S | |
CVE-2020-36327 | Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based o... | E S | |
CVE-2020-36328 | A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPD... | S | |
CVE-2020-36329 | A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread bei... | S | |
CVE-2020-36330 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function Ch... | S | |
CVE-2020-36331 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function Ch... | S | |
CVE-2020-36332 | A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an exces... | S | |
CVE-2020-36333 | themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, becau... | E S | |
CVE-2020-36334 | themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.... | E S | |
CVE-2020-36363 | Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WI... | | |
CVE-2020-36364 | An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/I... | E S | |
CVE-2020-36365 | Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, ... | E | |
CVE-2020-36366 | Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a D... | E | |
CVE-2020-36367 | Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a D... | E | |
CVE-2020-36368 | Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, allows remote attackers to cause... | E | |
CVE-2020-36369 | Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20.1, allows remote attackers to ... | E | |
CVE-2020-36370 | Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a D... | E | |
CVE-2020-36371 | Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, allows remote attackers to cau... | E | |
CVE-2020-36372 | Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to caus... | E | |
CVE-2020-36373 | Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allows remote attackers to cause a ... | E | |
CVE-2020-36374 | Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, allows remote attackers to caus... | E | |
CVE-2020-36375 | Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, allows remote attackers to cause ... | E | |
CVE-2020-36376 | An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute a... | E | |
CVE-2020-36377 | An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute a... | E | |
CVE-2020-36378 | An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to exe... | E | |
CVE-2020-36379 | An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute... | E | |
CVE-2020-36380 | An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute... | E | |
CVE-2020-36381 | An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to e... | E | |
CVE-2020-36382 | OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user au... | | |
CVE-2020-36383 | PageLayer before 1.3.5 allows reflected XSS via the font-size parameter.... | E | |
CVE-2020-36384 | PageLayer before 1.3.5 allows reflected XSS via color settings.... | E | |
CVE-2020-36385 | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-af... | S | |
CVE-2020-36386 | An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-o... | E S | |
CVE-2020-36387 | An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related... | S | |
CVE-2020-36388 | In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and ex... | E | |
CVE-2020-36389 | In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows C... | E | |
CVE-2020-36394 | pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to ... | E | |
CVE-2020-36395 | A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.... | E | |
CVE-2020-36396 | A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8... | E | |
CVE-2020-36397 | A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLit... | E | |
CVE-2020-36398 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to exe... | E S | |
CVE-2020-36399 | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to exe... | E S | |
CVE-2020-36400 | ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability tha... | S | |
CVE-2020-36401 | mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).... | E S | |
CVE-2020-36402 | Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE... | E S | |
CVE-2020-36403 | HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse a... | E S | |
CVE-2020-36404 | Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl | E S | |
CVE-2020-36405 | Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.... | E S | |
CVE-2020-36406 | uWebSockets 18.11.0 and 18.12.0 have a stack-based buffer overflow in uWS::TopicTree::trimTree (calle... | E S | |
CVE-2020-36407 | libavif 0.8.0 and 0.8.1 have an out-of-bounds write in avifDecoderDataFillImageGrid.... | E S | |
CVE-2020-36408 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attacker... | E | |
CVE-2020-36409 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attacker... | E | |
CVE-2020-36410 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attacker... | E | |
CVE-2020-36411 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attacker... | E | |
CVE-2020-36412 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attacker... | E | |
CVE-2020-36413 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attacker... | E | |
CVE-2020-36414 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attacker... | E | |
CVE-2020-36415 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attacker... | E | |
CVE-2020-36416 | A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attacker... | E | |
CVE-2020-36420 | Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion dur... | E S | |
CVE-2020-36421 | An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponent... | E S | |
CVE-2020-36422 | An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC priv... | S | |
CVE-2020-36423 | An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext becau... | S | |
CVE-2020-36424 | An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RS... | S | |
CVE-2020-36425 | An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check wh... | E S | |
CVE-2020-36426 | An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-... | | |
CVE-2020-36427 | GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.... | | |
CVE-2020-36428 | matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32... | | |
CVE-2020-36429 | Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion de... | S | |
CVE-2020-36430 | libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_fon... | S | |
CVE-2020-36431 | Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm.... | S | |
CVE-2020-36432 | An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitia... | | |
CVE-2020-36433 | An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not hono... | | |
CVE-2020-36434 | An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can t... | | |
CVE-2020-36435 | An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and... | | |
CVE-2020-36436 | An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab | | |
CVE-2020-36437 | An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional impleme... | | |
CVE-2020-36438 | An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future | | |
CVE-2020-36439 | An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional im... | | |
CVE-2020-36440 | An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder | | |
CVE-2020-36441 | An issue was discovered in the abox crate before 0.4.1 for Rust. It implements Send and Sync for Ato... | | |
CVE-2020-36442 | An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its ... | | |
CVE-2020-36443 | An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer ... | | |
CVE-2020-36444 | An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Send and Sync are imple... | | |
CVE-2020-36445 | An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional imp... | | |
CVE-2020-36446 | An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditio... | | |
CVE-2020-36447 | An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional imple... | E | |
CVE-2020-36448 | An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional impl... | E S | |
CVE-2020-36449 | An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ShmWriter | E S | |
CVE-2020-36450 | An issue was discovered in the bunch crate through 2020-11-12 for Rust. There are unconditional impl... | E S | |
CVE-2020-36451 | An issue was discovered in the rcu_cell crate through 2020-11-14 for Rust. There are unconditional i... | E S | |
CVE-2020-36452 | An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clon... | | |
CVE-2020-36453 | An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional... | E S | |
CVE-2020-36454 | An issue was discovered in the parc crate through 2020-11-14 for Rust. LockWeak | E S | |
CVE-2020-36455 | An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock | E | |
CVE-2020-36456 | An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell | E S | |
CVE-2020-36457 | An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox | E S | |
CVE-2020-36458 | An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult | E S | |
CVE-2020-36459 | An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as S... | E S | |
CVE-2020-36460 | An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure ha... | E S | |
CVE-2020-36461 | An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are uncondition... | E S | |
CVE-2020-36462 | An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional imple... | E S | |
CVE-2020-36463 | An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional... | E S | |
CVE-2020-36464 | An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementati... | E S | |
CVE-2020-36465 | An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by ... | E S | |
CVE-2020-36466 | An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync f... | E S | |
CVE-2020-36467 | An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one... | E S | |
CVE-2020-36468 | An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic... | E S | |
CVE-2020-36469 | An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V t... | E S | |
CVE-2020-36470 | An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer does not prope... | E S | |
CVE-2020-36471 | An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a func... | E S | |
CVE-2020-36472 | An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and Transactiona... | E S | |
CVE-2020-36473 | UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers... | | |
CVE-2020-36474 | SafeCurl before 0.9.2 has a DNS rebinding vulnerability.... | S | |
CVE-2020-36475 | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The... | S | |
CVE-2020-36476 | An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). The... | | |
CVE-2020-36477 | An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when match... | | |
CVE-2020-36478 | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A N... | E S | |
CVE-2020-36485 | Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the ... | E | |
CVE-2020-36486 | Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) v... | E | |
CVE-2020-36488 | An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/... | E | |
CVE-2020-36489 | Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vuln... | E | |
CVE-2020-36490 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in th... | E | |
CVE-2020-36491 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in th... | E | |
CVE-2020-36492 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in th... | E | |
CVE-2020-36493 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in th... | E | |
CVE-2020-36494 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in th... | E | |
CVE-2020-36495 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in th... | E | |
CVE-2020-36496 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in th... | E | |
CVE-2020-36497 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in th... | E | |
CVE-2020-36498 | Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulne... | E | |
CVE-2020-36499 | TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XS... | E | |
CVE-2020-36501 | Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows... | E | |
CVE-2020-36502 | Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerabili... | E | |
CVE-2020-36503 | Connections Business Directory < 9.7 - Admin+ CSV Injection | E S | |
CVE-2020-36504 | WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via CSRF | E | |
CVE-2020-36505 | Delete All Comments Easily <= 1.3 - All Comments Deletion via CSRF | E | |
CVE-2020-36510 | 15Zine < 3.3.0 - Reflected Cross-Site Scripting | E | |
CVE-2020-36511 | An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::re... | | |
CVE-2020-36512 | An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact ma... | | |
CVE-2020-36513 | An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read fro... | | |
CVE-2020-36514 | An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from ... | | |
CVE-2020-36516 | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with t... | | |
CVE-2020-36517 | An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.... | E S | |
CVE-2020-36518 | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a lar... | E | |
CVE-2020-36519 | Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC align... | E | |
CVE-2020-36521 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud fo... | | |
CVE-2020-36523 | PlantUML Database Information Macro cross site scripting | E | |
CVE-2020-36524 | Refined Toolkit UI-Image/UI-Button cross site scripting | E | |
CVE-2020-36525 | Linking New Windows Macro cross site scripting | E | |
CVE-2020-36526 | Countdown Timer Macro cross site scripting | E | |
CVE-2020-36527 | Server Status HTTP Status/SMTP Status cross site scripting | E | |
CVE-2020-36528 | Platinum Mobile MobileHandler.ashx access control | E | |
CVE-2020-36529 | SevOne Network Management System Traceroute traceroute.php command injection | E | |
CVE-2020-36530 | SevOne Network Management System Alert Summary sql injection | E | |
CVE-2020-36531 | SevOne Network Management System Device Manager Page injection | | |
CVE-2020-36532 | Klapp App Authorization Credentials information disclosure | E | |
CVE-2020-36533 | Klapp App JSON Web Token improper authentication | E | |
CVE-2020-36534 | easyii CMS out cross-site request forgery | E | |
CVE-2020-36535 | MINMAX newsDia.php sql injection | | |
CVE-2020-36536 | Brandbugle main.php sql injection | | |
CVE-2020-36537 | Everywhere CMS sql injection | | |
CVE-2020-36538 | Eatan CMS sql injection | | |
CVE-2020-36539 | Lógico y Creativo sql injection | | |
CVE-2020-36540 | Neetai Tech product.php sql injection | | |
CVE-2020-36541 | Demokratian genera_select.php sql injection | E S | |
CVE-2020-36542 | Demokratian install3.php privileges management | E S | |
CVE-2020-36543 | SialWeb CMS about.php sql injection | E | |
CVE-2020-36544 | SialWeb CMS Search cross site scripting | E | |
CVE-2020-36547 | GE Voluson S8 Service Browser hard-coded credentials | | |
CVE-2020-36548 | GE Voluson S8 Service Browser users.cgi improper authentication | | |
CVE-2020-36549 | GE Voluson S8 Windows Operating System Patches privileges management | | |
CVE-2020-36550 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System... | E | |
CVE-2020-36551 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System... | E | |
CVE-2020-36552 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System... | E | |
CVE-2020-36553 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System... | E | |
CVE-2020-36557 | A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/openi... | S | |
CVE-2020-36558 | A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer ... | E S | |
CVE-2020-36559 | Path Traversal in aahframe.work | S | |
CVE-2020-36560 | Path traversal in github.com/artdarek/go-unzip | E S | |
CVE-2020-36561 | Path traversal in github.com/yi-ge/unzip | E S | |
CVE-2020-36562 | Uncontrolled Resource Consumption in github.com/shiyanhui/dht | E | |
CVE-2020-36563 | Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml | S | |
CVE-2020-36564 | Improper input validation in github.com/justinas/nosurf | S | |
CVE-2020-36565 | Directory traversal on Windows in github.com/labstack/echo/v4 | E S | |
CVE-2020-36566 | Path traversal in github.com/whyrusleeping/tar-utils | S | |
CVE-2020-36567 | Arbitrary log line injection in github.com/gin-gonic/gin | E S | |
CVE-2020-36568 | Resource exhaustion in github.com/revel/revel | E S | |
CVE-2020-36569 | Authentication bypass in github.com/nanobox-io/golang-nanoauth | S | |
CVE-2020-36599 | lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the messa... | S | |
CVE-2020-36600 | Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this v... | | |
CVE-2020-36601 | Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerabili... | | |
CVE-2020-36602 | There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated ... | | |
CVE-2020-36603 | The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequ... | E | |
CVE-2020-36604 | hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.... | | |
CVE-2020-36605 | File Permissions Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Viewpoint | | |
CVE-2020-36607 | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary ... | E | |
CVE-2020-36608 | Tribal Systems Zenario CMS Error Log Module admin_organizer.js cross site scripting | S | |
CVE-2020-36609 | annyshow DuxCMS Article edit cross site scripting | E | |
CVE-2020-36610 | annyshow DuxCMS cross-site request forgery | E | |
CVE-2020-36611 | File and Directory Permission Vulnerability in Hitachi Tuning Manager | | |
CVE-2020-36615 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big ... | | |
CVE-2020-36617 | ewxrjk sftpserver parse.c sftp_parse_path uninitialized pointer | S | |
CVE-2020-36618 | Furqan node-whois index.coffee prototype pollution | E S | |
CVE-2020-36619 | multimon-ng demod_flex.c add_ch format string | S | |
CVE-2020-36620 | Brondahl EnumStringValues EnumExtensions.cs GetStringValuesWithPreferences_Uncache resource consumption | S | |
CVE-2020-36621 | chedabob whatismyudid mobileconfig.js exports.enrollment cross site scripting | S | |
CVE-2020-36622 | sah-comp bienlein cross-site request forgery | S | |
CVE-2020-36623 | Pengu index.js runApp cross-site request forgery | S | |
CVE-2020-36624 | ahorner text-helpers translation.rb reverse tabnabbing | S | |
CVE-2020-36625 | destiny.gg chat main.go websocket.Upgrader cross-site request forgery | S | |
CVE-2020-36626 | Modern Tribe Panel Builder Plugin SearchFilter.php add_post_content_filtered_to_search_sql sql injection | E S | |
CVE-2020-36627 | Macaron i18n i18n.go redirect | S | |
CVE-2020-36628 | Calsign APDE ZIP File CopyBuildTask.java handleExtract path traversal | S | |
CVE-2020-36629 | SimbCo httpster server.coffee fs.realpathSync path traversal | E S | |
CVE-2020-36630 | FreePBX cdr Cdr.class.php ajaxHandler sql injection | S | |
CVE-2020-36631 | barronwaffles dwc_network_server_emulator gs_database.py update_profile sql injection | S | |
CVE-2020-36632 | hughsk flat index.js unflatten prototype pollution | S | |
CVE-2020-36633 | moodle-block_sitenews block_sitenews.php get_content cross-site request forgery | S | |
CVE-2020-36634 | Indeed Engineering util ViewExportedVariablesServlet.java appendTo cross site scripting | S | |
CVE-2020-36635 | OpenMRS Appointment Scheduling Module AppointmentTypeValidator.java validateFieldName cross site scripting | S | |
CVE-2020-36636 | OpenMRS Admin UI Module Account Setup AccountPageController.java sendErrorMessage cross site scripting | S | |
CVE-2020-36637 | Chris92de AdminServ adminserv.php cross site scripting | S | |
CVE-2020-36638 | Chris92de AdminServ adminserv.php cross site scripting | S | |
CVE-2020-36639 | AlliedModders AMX Mod X Console Command adminvote.sma cmdVoteMap path traversal | S | |
CVE-2020-36640 | bonitasoft bonita-connector-webservice SecureWSConnector.java TransformerConfigurationException xml external entity reference | S | |
CVE-2020-36641 | gturri aXMLRPC ResponseParser.java ResponseParser xml external entity reference | S | |
CVE-2020-36642 | trampgeek jobe LanguageTask.php run_in_sandbox command injection | S | |
CVE-2020-36643 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36644 | jamesmartin Inline SVG URL Parameter helpers.rb cross site scripting | S | |
CVE-2020-36645 | square squalor sql injection | S | |
CVE-2020-36646 | MediaArea ZenLib Ztring.cpp Date_From_Seconds_1970_Local unknown vulnerability | S | |
CVE-2020-36647 | YunoHost-Apps transmission_ynh nginx.conf path traversal | S | |
CVE-2020-36648 | pouetnet pouet sql injection | S | |
CVE-2020-36649 | mholt PapaParse papaparse.js redos | E S | |
CVE-2020-36650 | IonicaBizau node-gry command injection | S | |
CVE-2020-36651 | youngerheart nodeserver nodeserver.js path traversal | E S | |
CVE-2020-36652 | File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center | | |
CVE-2020-36653 | GENI Portal error-text.php cross site scripting | S | |
CVE-2020-36654 | GENI Portal sliceresource.php no_invocation_id_error cross site scripting | S | |
CVE-2020-36655 | Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php me... | E M | |
CVE-2020-36656 | Spectra < 1.15.0 - Contributor+ Stored Cross-Site Scripting | E | |
CVE-2020-36657 | uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to ga... | E S | |
CVE-2020-36658 | In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default whe... | S | |
CVE-2020-36659 | In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by def... | S | |
CVE-2020-36660 | paxswill EVE Ship Replacement Program User Information api.py information disclosure | S | |
CVE-2020-36661 | Kong lua-multipart multipart.lua is_header redos | S | |
CVE-2020-36662 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-36663 | Artesãos SEOTools OpenGraph.php makeTag redirect | E S | |
CVE-2020-36664 | Artesãos SEOTools SEOMeta.php setTitle redirect | E S | |
CVE-2020-36665 | Artesãos SEOTools TwitterCards.php eachValue redirect | E S | |
CVE-2020-36666 | Multiple e-plugins - Subscriber+ Privilege Escalation | E | |
CVE-2020-36667 | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back... | S | |
CVE-2020-36668 | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive informa... | | |
CVE-2020-36669 | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Reques... | | |
CVE-2020-36670 | The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of dat... | S | |
CVE-2020-36691 | An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a den... | S | |
CVE-2020-36692 | A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older th... | | |
CVE-2020-36694 | An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free ... | E S | |
CVE-2020-36695 | File and Directory Permission Vulnerability in Hitachi Command Suite | | |
CVE-2020-36696 | The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass ... | E S | |
CVE-2020-36697 | The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability c... | E | |
CVE-2020-36698 | The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user int... | E | |
CVE-2020-36699 | The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missi... | E | |
CVE-2020-36700 | The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in version... | E S | |
CVE-2020-36701 | The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versi... | E S | |
CVE-2020-36702 | The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Chang... | E | |
CVE-2020-36703 | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ... | E | |
CVE-2020-36704 | The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters... | E | |
CVE-2020-36705 | The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing f... | E | |
CVE-2020-36706 | The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due ... | E | |
CVE-2020-36707 | The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request For... | | |
CVE-2020-36708 | The following themes for WordPress are vulnerable to Function Injections in versions up to and inclu... | E | |
CVE-2020-36709 | The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... | E | |
CVE-2020-36710 | The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the setting... | E | |
CVE-2020-36711 | The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout fun... | E | |
CVE-2020-36712 | The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in vers... | E | |
CVE-2020-36713 | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and in... | E | |
CVE-2020-36714 | The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability c... | E | |
CVE-2020-36715 | The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing cap... | E S | |
CVE-2020-36716 | The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capa... | E S | |
CVE-2020-36717 | The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, a... | E | |
CVE-2020-36718 | The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versi... | E S | |
CVE-2020-36719 | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin... | E | |
CVE-2020-36720 | The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to,... | E | |
CVE-2020-36721 | The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulne... | E | |
CVE-2020-36722 | The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, an... | E | |
CVE-2020-36723 | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data E... | E | |
CVE-2020-36724 | The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and incl... | E S | |
CVE-2020-36725 | The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to ... | E | |
CVE-2020-36726 | The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, a... | E | |
CVE-2020-36727 | The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up... | E | |
CVE-2020-36728 | The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in ver... | E | |
CVE-2020-36729 | The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capabil... | E S | |
CVE-2020-36730 | The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the... | E | |
CVE-2020-36731 | The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated ... | E | |
CVE-2020-36732 | The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string ... | S | |
CVE-2020-36735 | The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plu... | E S | |
CVE-2020-36736 | The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-S... | E S | |
CVE-2020-36737 | The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request For... | E S | |
CVE-2020-36738 | The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site ... | E S | |
CVE-2020-36739 | The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to ... | E S | |
CVE-2020-36740 | The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in... | | |
CVE-2020-36741 | The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... | | |
CVE-2020-36742 | The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versio... | | |
CVE-2020-36743 | The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi... | | |
CVE-2020-36744 | The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to... | | |
CVE-2020-36745 | The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions ... | | |
CVE-2020-36746 | The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... | E S | |
CVE-2020-36747 | The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in ... | E S | |
CVE-2020-36748 | The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and in... | E S | |
CVE-2020-36749 | The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions u... | E S | |
CVE-2020-36750 | The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in version... | S | |
CVE-2020-36751 | The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t... | E S | |
CVE-2020-36752 | The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request For... | E S | |
CVE-2020-36753 | The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and in... | E S | |
CVE-2020-36754 | The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versio... | E S | |
CVE-2020-36755 | The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and... | E S | |
CVE-2020-36756 | The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t... | S | |
CVE-2020-36757 | The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up... | S | |
CVE-2020-36758 | The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver... | E S | |
CVE-2020-36759 | The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions... | E S | |
CVE-2020-36760 | The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, ... | E S | |
CVE-2020-36761 | The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i... | E S | |
CVE-2020-36762 | ONS Digital RAS Collection Instrument comment.yml jobs os command injection | S | |
CVE-2020-36763 | Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code... | E | |
CVE-2020-36765 | Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remot... | | |
CVE-2020-36766 | An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one... | S | |
CVE-2020-36767 | tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages... | E | |
CVE-2020-36768 | rl-institut NESP2 database.py sql injection | E S | |
CVE-2020-36769 | The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scrip... | E | |
CVE-2020-36770 | pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root... | E S | |
CVE-2020-36771 | CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In so... | E | |
CVE-2020-36772 | CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail prox... | E | |
CVE-2020-36773 | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gd... | S | |
CVE-2020-36774 | plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget... | S | |
CVE-2020-36775 | f2fs: fix to avoid potential deadlock | S | |
CVE-2020-36776 | thermal/drivers/cpufreq_cooling: Fix slab OOB issue | S | |
CVE-2020-36777 | media: dvbdev: Fix memory leak in dvb_media_device_free() | S | |
CVE-2020-36778 | i2c: xiic: fix reference leak when pm_runtime_get_sync fails | S | |
CVE-2020-36779 | i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails | S | |
CVE-2020-36780 | i2c: sprd: fix reference leak when pm_runtime_get_sync fails | S | |
CVE-2020-36781 | i2c: imx: fix reference leak when pm_runtime_get_sync fails | S | |
CVE-2020-36782 | i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails | S | |
CVE-2020-36783 | i2c: img-scb: fix reference leak when pm_runtime_get_sync fails | S | |
CVE-2020-36784 | i2c: cadence: fix reference leak when pm_runtime_get_sync fails | S | |
CVE-2020-36785 | media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() | S | |
CVE-2020-36786 | media: [next] staging: media: atomisp: fix memory leak of object flash | S | |
CVE-2020-36787 | media: aspeed: fix clock handling logic | S | |
CVE-2020-36788 | drm/nouveau: avoid a use-after-free when BO init fails | S | |
CVE-2020-36789 | can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context | S | |
CVE-2020-36790 | nvmet: fix a memory leak | | |
CVE-2020-36791 | net_sched: keep alloc_hash updated after hash allocation | | |
CVE-2020-36825 | cyberaz0r WebRAT api.php download_file unrestricted upload | S | |
CVE-2020-36826 | AwesomestCode LiveBot parseMessage.js parseSend cross site scripting | S | |
CVE-2020-36827 | The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of ... | | |
CVE-2020-36828 | DiscuzX install_function.php show_next_step cross site scripting | S | |
CVE-2020-36829 | The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allo... | | |
CVE-2020-36830 | nescalante urlregex Backtracking index.js redos | E S | |
CVE-2020-36831 | NextScripts: Social Networks Auto-Poster <= 4.3.17 - Missing Authorization | | |
CVE-2020-36832 | Indeed Membership Pro 7.3 - 8.6 - Authentication Bypass | | |
CVE-2020-36833 | Indeed Membership Pro 7.3 - 8.6 - Missing Authorization Checks | | |
CVE-2020-36834 | Discount Rules for WooCommerce <= 2.0.2 - Missing Authorization | | |
CVE-2020-36835 | Migration, Backup, Staging – WPvivid <= 0.9.35 - Sensitive Information Disclosure | S | |
CVE-2020-36836 | WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion | E S | |
CVE-2020-36837 | ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset | | |
CVE-2020-36838 | Facebook Chat Plugin <= 1.5 - Missing Capabilities Check | | |
CVE-2020-36839 | WP Lead Plus X <= 0.99 - Cross-Site Request Forgery | | |
CVE-2020-36840 | Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization | S | |
CVE-2020-36841 | WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation | | |
CVE-2020-36842 | Migration, Backup, Staging – WPvivid <= 0.9.35 - Authenticated (Subscriber+) Arbitrary File Upload | S | |
CVE-2020-36843 | The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature mallea... | | |
CVE-2020-36844 | The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The resp... | E | |
CVE-2020-36845 | The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function t... | E | |