|
201821
|
6.1 |
MEDIUM
Network
|
codetipi
|
15zine
|
The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting
|
-
|
CVE-2020-36510
|
2024-11-21 14:29 |
2022-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201822
|
5.9 |
MEDIUM
Network
|
linux
netapp
|
linux_kernel
solidfire_\&_hci_management_node
cloud_volumes_ontap_mediator
solidfire\
_enterprise_sds_\&_hci_storage_node
e-series_santricity_os_controller
h300s_firmware
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-36516
|
2024-11-21 14:29 |
2022-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
201823
|
9.8 |
CRITICAL
Network
|
acc_reader_project
|
acc_reader
|
An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-36514
|
2024-11-21 14:29 |
2021-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201824
|
9.8 |
CRITICAL
Network
|
acc_reader_project
|
acc_reader
|
An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-36513
|
2024-11-21 14:29 |
2021-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201825
|
9.8 |
CRITICAL
Network
|
buffoon_project
|
buffoon
|
An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-36512
|
2024-11-21 14:29 |
2021-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201826
|
7.5 |
HIGH
Network
|
bite_project
|
bite
|
An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-36511
|
2024-11-21 14:29 |
2021-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201827
|
6.5 |
MEDIUM
Network
|
delete_all_comments_easily_project
|
delete_all_comments_easily
|
The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all …
|
-
|
CVE-2020-36505
|
2024-11-21 14:29 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201828
|
6.5 |
MEDIUM
Network
|
wp-pro-quiz_project
|
wp-pro-quiz
|
The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog
|
-
|
CVE-2020-36504
|
2024-11-21 14:29 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201829
|
8.0 |
HIGH
Network
|
connections-pro
|
connections_business_directory
|
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue
|
-
|
CVE-2020-36503
|
2024-11-21 14:29 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201830
|
9.8 |
CRITICAL
Network
|
aaptjs_project
|
aaptjs
|
An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
|
CWE-78
OS Command
|
CVE-2020-36381
|
2024-11-21 14:29 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
