| 199151 | 6.1 | MEDIUM Network | smartstore | smartstorenet | Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect. | CWE-601 Open Redirect | CVE-2020-36365 | 2024-11-21 14:29 | 2021-05-20 |
| 199152 | 9.1 | CRITICAL Network | smartstore | smartstorenet | An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Crea… | CWE-22 Path Traversal | CVE-2020-36364 | 2024-11-21 14:29 | 2021-05-20 |
| 199153 | 6.7 | MEDIUM Local | qnap | malware_remover | A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue a… | CWE-78 OS Command | CVE-2020-36198 | 2024-11-21 14:29 | 2021-05-13 |
| 199154 | 5.3 | MEDIUM Network | atlassian | data_center jira jira_server jira_data_center | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa… | CWE-863 Incorrect Authorization | CVE-2020-36289 | 2024-11-21 14:29 | 2021-05-12 |
| 199155 | 8.8 | HIGH Network | themegrill | themegrill_demo_importer | themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database. | CWE-352 Origin Validation Error | CVE-2020-36334 | 2024-11-21 14:29 | 2021-05-5 |
| 199156 | 9.1 | CRITICAL Network | themegrill | themegrill_demo_importer | themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook. | CWE-306 Missing Authentication for Critical Function | CVE-2020-36333 | 2024-11-21 14:29 | 2021-05-5 |
| 199157 | 8.8 | HIGH Network | bundler fedoraproject microsoft | bundler fedora package_manager_configurations | Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chos… | NVD-CWE-noinfo | CVE-2020-36327 | 2024-11-21 14:29 | 2021-04-29 |
| 199158 | 9.8 | CRITICAL Network | phpmailer_project wordpress | phpmailer wordpress | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a func… | CWE-502 Deserialization of Untrusted Data | CVE-2020-36326 | 2024-11-21 14:29 | 2021-04-28 |
| 199159 | 7.5 | HIGH Network | jansson_project | jansson | An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fai… | CWE-125 Out-of-bounds Read | CVE-2020-36325 | 2024-11-21 14:29 | 2021-04-27 |
| 199160 | 7.5 | HIGH Network | vaadin | flow vaadin | Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker… | CWE-22 Path Traversal | CVE-2020-36321 | 2024-11-21 14:29 | 2021-04-24 |