Total
34199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36161 | 2 Microsoft, Veritas | 2 Windows, Aptare It Analytics | 2024-11-21 | 8.8 High |
| An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. | ||||
| CVE-2020-36160 | 2 Microsoft, Veritas | 2 Windows, System Recovery | 2024-11-21 | 9.3 Critical |
| An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data and installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain. | ||||
| CVE-2020-36159 | 1 Veritas | 1 Desktop And Laptop Option | 2024-11-21 | 5.3 Medium |
| Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication. | ||||
| CVE-2020-36157 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 10 Critical |
| An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges. | ||||
| CVE-2020-36066 | 1 Gjson Project | 1 Gjson | 2024-11-21 | 7.5 High |
| GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON. | ||||
| CVE-2020-36037 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 8.8 High |
| An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php. | ||||
| CVE-2020-36009 | 1 Obottle Project | 1 Obottle | 2024-11-21 | 7.5 High |
| OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability. | ||||
| CVE-2020-36008 | 1 Obottle Project | 1 Obottle | 2024-11-21 | 8.1 High |
| OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability. | ||||
| CVE-2020-36006 | 1 Appcms | 1 Appcms | 2024-11-21 | 6.5 Medium |
| AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. | ||||
| CVE-2020-36005 | 1 Appcms | 1 Appcms | 2024-11-21 | 6.5 Medium |
| AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. | ||||
| CVE-2020-35962 | 1 Loopring | 1 Loopring | 2024-11-21 | 7.5 High |
| The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation. | ||||
| CVE-2020-35952 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 6.5 Medium |
| login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration. | ||||
| CVE-2020-35935 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | 7.5 High |
| The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) | ||||
| CVE-2020-35927 | 1 Thex Project | 1 Thex | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types. | ||||
| CVE-2020-35925 | 1 Magnetic Project | 1 Magnetic | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. | ||||
| CVE-2020-35922 | 1 Mio Project | 1 Mio | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35921 | 1 Miow Project | 1 Miow | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35920 | 1 Rust-lang | 1 Socket2 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35919 | 1 Net2 Project | 1 Net2 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35918 | 1 Hakobaito | 1 Branca | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic. | ||||