|
198021
|
9.8 |
CRITICAL
Network
|
webmproject redhat netapp debian apple
|
libwebp enterprise_linux ontap_select_deploy_administration_utility debian_linux iphone_os ipados
|
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and inte…
|
CWE-416
Use After Free
|
CVE-2020-36329
|
2024-11-21 14:29 |
2021-05-22 |
|
198022
|
9.8 |
CRITICAL
Network
|
webmproject redhat netapp debian apple
|
libwebp enterprise_linux ontap_select_deploy_administration_utility debian_linux ipados iphone_os
|
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vuln…
|
-
|
CVE-2020-36328
|
2024-11-21 14:29 |
2021-05-22 |
|
198023
|
6.1 |
MEDIUM
Network
|
smartstore
|
smartstorenet
|
Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect.
|
CWE-601
Open Redirect
|
CVE-2020-36365
|
2024-11-21 14:29 |
2021-05-20 |
|
198024
|
9.1 |
CRITICAL
Network
|
smartstore
|
smartstorenet
|
An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Crea…
|
CWE-22
Path Traversal
|
CVE-2020-36364
|
2024-11-21 14:29 |
2021-05-20 |
|
198025
|
6.7 |
MEDIUM
Local
|
qnap
|
malware_remover
|
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue a…
|
CWE-78
OS Command
|
CVE-2020-36198
|
2024-11-21 14:29 |
2021-05-13 |
|
198026
|
5.3 |
MEDIUM
Network
|
atlassian
|
data_center jira jira_server jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa…
|
CWE-863
Incorrect Authorization
|
CVE-2020-36289
|
2024-11-21 14:29 |
2021-05-12 |
|
198027
|
8.8 |
HIGH
Network
|
themegrill
|
themegrill_demo_importer
|
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.
|
CWE-352
Origin Validation Error
|
CVE-2020-36334
|
2024-11-21 14:29 |
2021-05-05 |
|
198028
|
9.1 |
CRITICAL
Network
|
themegrill
|
themegrill_demo_importer
|
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-36333
|
2024-11-21 14:29 |
2021-05-05 |
|
198029
|
8.8 |
HIGH
Network
|
bundler fedoraproject microsoft
|
bundler fedora package_manager_configurations
|
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chos…
|
NVD-CWE-noinfo
|
CVE-2020-36327
|
2024-11-21 14:29 |
2021-04-29 |
|
198030
|
9.8 |
CRITICAL
Network
|
phpmailer_project wordpress
|
phpmailer wordpress
|
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a func…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-36326
|
2024-11-21 14:29 |
2021-04-28 |