|
208691
|
8.8 |
HIGH
Local
|
veritas
|
system_recovery
|
An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf config…
|
NVD-CWE-noinfo
|
CVE-2020-36160
|
2024-11-21 14:28 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208692
|
7.5 |
HIGH
Network
|
gjson_project
|
gjson
|
GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-36067
|
2024-11-21 14:28 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208693
|
7.5 |
HIGH
Network
|
gjson_project
|
gjson
|
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
|
NVD-CWE-noinfo
|
CVE-2020-36066
|
2024-11-21 14:28 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208694
|
5.3 |
MEDIUM
Network
|
veritas
|
desktop_and_laptop_option
|
Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication.
|
NVD-CWE-noinfo
|
CVE-2020-36159
|
2024-11-21 14:28 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208695
|
6.7 |
MEDIUM
Local
|
linux
fedoraproject
debian
netapp
|
linux_kernel
fedora
debian_linux
cloud_backup
solidfire_baseboard_management_controller_firmware
|
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-36158
|
2024-11-21 14:28 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208696
|
9.8 |
CRITICAL
Network
|
ultimatemember
|
ultimate_member
|
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that cou…
|
NVD-CWE-noinfo
|
CVE-2020-36157
|
2024-11-21 14:28 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208697
|
8.8 |
HIGH
Network
|
ultimatemember
|
ultimate_member
|
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page cou…
|
CWE-269
Improper Privilege Management
|
CVE-2020-36156
|
2024-11-21 14:28 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208698
|
9.8 |
CRITICAL
Network
|
ultimatemember
|
ultimate_member
|
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive me…
|
CWE-269
Improper Privilege Management
|
CVE-2020-36155
|
2024-11-21 14:28 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208699
|
7.8 |
HIGH
Local
|
pearson
|
vue_testing_system
|
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-36154
|
2024-11-21 14:28 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208700
|
9.8 |
CRITICAL
Network
|
cse_bookstore_project
|
cse_bookstore
|
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of th…
|
CWE-89
SQL Injection
|
CVE-2020-36112
|
2024-11-21 14:28 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
