|
209741
|
9.8 |
CRITICAL
Network
|
bbpress
|
bbpress
|
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
|
NVD-CWE-noinfo
|
CVE-2020-13693
|
2024-11-21 14:01 |
2020-05-29 |
|
209742
|
4.8 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13660
|
2024-11-21 14:01 |
2020-05-29 |
|
209743
|
7.5 |
HIGH
Network
|
jerryscript
|
jerryscript
|
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all a…
|
CWE-754 CWE-476 CWE-617
Improper Check for Unusual or Exceptional Conditions NULL Pointer Dereference Reachable Assertion
|
CVE-2020-13649
|
2024-11-21 14:01 |
2020-05-29 |
|
209744
|
3.2 |
LOW
Local
|
qemu debian opensuse canonical
|
qemu debian_linux leap ubuntu_linux
|
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-13362
|
2024-11-21 14:01 |
2020-05-29 |
|
209745
|
3.9 |
LOW
Local
|
qemu debian opensuse canonical
|
qemu debian_linux leap ubuntu_linux
|
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-13361
|
2024-11-21 14:01 |
2020-05-28 |
|
209746
|
6.5 |
MEDIUM
Network
|
gnome canonical fedoraproject netapp broadcom
|
balsa glib-networking ubuntu_linux fedora cloud_backup fabric_operating_system
|
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-13645
|
2024-11-21 14:01 |
2020-05-28 |
|
209747
|
5.4 |
MEDIUM
Network
|
pickplugins
|
accordion
|
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher pe…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13644
|
2024-11-21 14:01 |
2020-05-28 |
|
209748
|
8.8 |
HIGH
Network
|
siteorigin
|
page_builder
|
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of …
|
CWE-352
Origin Validation Error
|
CVE-2020-13643
|
2024-11-21 14:01 |
2020-05-28 |
|
209749
|
8.8 |
HIGH
Network
|
siteorigin
|
page_builder
|
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged o…
|
CWE-352
Origin Validation Error
|
CVE-2020-13642
|
2024-11-21 14:01 |
2020-05-28 |
|
209750
|
8.8 |
HIGH
Network
|
infolific
|
real-time_find_and_replace
|
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on beh…
|
CWE-352
Origin Validation Error
|
CVE-2020-13641
|
2024-11-21 14:01 |
2020-05-28 |