|
199011
|
7.5 |
HIGH
Network
|
fasterxml
oracle
debian
netapp
|
jackson-databind
weblogic_server
commerce_platform
utilities_framework
peoplesoft_enterprise_peopletools
primavera_unifier
sd-wan_edge
coherence
global_lifecycle_management_ne…
|
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-36518
|
2024-11-21 14:29 |
2022-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199012
|
7.5 |
HIGH
Network
|
home-assistant
|
home-assistant
|
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS r…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-36517
|
2024-11-21 14:29 |
2022-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199013
|
6.1 |
MEDIUM
Network
|
codetipi
|
15zine
|
The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting
|
-
|
CVE-2020-36510
|
2024-11-21 14:29 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199014
|
5.9 |
MEDIUM
Network
|
linux
netapp
|
linux_kernel
solidfire_\&_hci_management_node
cloud_volumes_ontap_mediator
solidfire\
_enterprise_sds_\&_hci_storage_node
e-series_santricity_os_controller
h300s_firmware
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-36516
|
2024-11-21 14:29 |
2022-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
199015
|
9.8 |
CRITICAL
Network
|
acc_reader_project
|
acc_reader
|
An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-36514
|
2024-11-21 14:29 |
2021-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199016
|
9.8 |
CRITICAL
Network
|
acc_reader_project
|
acc_reader
|
An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-36513
|
2024-11-21 14:29 |
2021-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199017
|
9.8 |
CRITICAL
Network
|
buffoon_project
|
buffoon
|
An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-36512
|
2024-11-21 14:29 |
2021-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199018
|
7.5 |
HIGH
Network
|
bite_project
|
bite
|
An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-36511
|
2024-11-21 14:29 |
2021-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199019
|
6.5 |
MEDIUM
Network
|
delete_all_comments_easily_project
|
delete_all_comments_easily
|
The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all …
|
-
|
CVE-2020-36505
|
2024-11-21 14:29 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199020
|
6.5 |
MEDIUM
Network
|
wp-pro-quiz_project
|
wp-pro-quiz
|
The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog
|
-
|
CVE-2020-36504
|
2024-11-21 14:29 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
