|
202211
|
4.4 |
MEDIUM
Local
|
cloudlinux
|
cagefs
|
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outsid…
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2020-36772
|
2024-11-21 14:30 |
2024-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202212
|
7.8 |
HIGH
Local
|
cloudlinux
|
cagefs
|
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and…
|
NVD-CWE-noinfo
|
CVE-2020-36771
|
2024-11-21 14:30 |
2024-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202213
|
9.8 |
CRITICAL
Network
|
gentoo
|
ebuild_for_slurm
|
pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to bec…
|
NVD-CWE-noinfo
|
CVE-2020-36770
|
2024-11-21 14:30 |
2024-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202214
|
9.8 |
CRITICAL
Network
|
reiner-lemoine-institut
|
nesp2
|
A vulnerability was found in rl-institut NESP2 Initial Release/1.0. It has been classified as critical. Affected is an unknown function of the file app/database.py. The manipulation leads to sql inje…
|
-
|
CVE-2020-36768
|
2024-11-21 14:30 |
2023-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202215
|
7.5 |
HIGH
Network
|
vareille
|
tinyfiledialogs
|
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.
|
NVD-CWE-noinfo
|
CVE-2020-36767
|
2024-11-21 14:30 |
2023-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202216
|
5.4 |
MEDIUM
Network
|
duxcms_project
|
duxcms
|
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36763
|
2024-11-21 14:30 |
2023-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202217
|
9.8 |
CRITICAL
Network
|
ons
|
ras_collection_instrument
|
A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The …
|
-
|
CVE-2020-36762
|
2024-11-21 14:30 |
2023-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202218
|
7.8 |
HIGH
Local
|
hitachi
|
compute_systems_manager
device_manager
replication_manager
tiered_storage_manager
tuning_manager
|
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitach…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-36695
|
2024-11-21 14:30 |
2023-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202219
|
5.3 |
MEDIUM
Network
|
crypto-js_project
|
crypto-js
|
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-36732
|
2024-11-21 14:30 |
2023-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202220
|
6.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurren…
|
CWE-416
Use After Free
|
CVE-2020-36694
|
2024-11-21 14:30 |
2023-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
