CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1051 CVE-2020-36331 125 2021-05-21 2021-06-11
6.4
None Remote Low Not required Partial None Partial
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
1052 CVE-2020-36330 125 2021-05-21 2021-06-11
6.4
None Remote Low Not required Partial None Partial
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
1053 CVE-2020-36323 134 2021-04-14 2021-04-27
6.4
None Remote Low Not required Partial None Partial
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
1054 CVE-2020-36283 352 XSS CSRF 2021-03-24 2021-03-26
6.8
None Remote Medium Not required Partial Partial Partial
HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
1055 CVE-2020-36254 2021-02-25 2021-03-02
6.8
None Remote Medium Not required Partial Partial Partial
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
1056 CVE-2020-36247 352 CSRF 2021-02-19 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
1057 CVE-2020-36242 190 Overflow 2021-02-07 2021-02-19
6.4
None Remote Low Not required Partial None Partial
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
1058 CVE-2020-36189 502 2021-01-06 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
1059 CVE-2020-36188 502 2021-01-06 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
1060 CVE-2020-36187 502 2021-01-06 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
1061 CVE-2020-36186 502 2021-01-06 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
1062 CVE-2020-36185 502 2021-01-06 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
1063 CVE-2020-36184 502 2021-01-06 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
1064 CVE-2020-36183 502 2021-01-07 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
1065 CVE-2020-36182 502 2021-01-07 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
1066 CVE-2020-36181 502 2021-01-06 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
1067 CVE-2020-36180 502 2021-01-07 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
1068 CVE-2020-36179 502 2021-01-07 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
1069 CVE-2020-36156 269 2021-01-04 2021-01-08
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.
1070 CVE-2020-36152 120 Exec Code Overflow 2021-02-08 2021-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
1071 CVE-2020-36141 434 Bypass 2021-06-04 2021-06-09
6.5
None Remote Low ??? Partial Partial Partial
BloofoxCMS 0.5.2.1 has an Unrestricted File Upload vulnerability that bypasses MIME type validation by inserting 'image/jpeg' within the 'Content-Type' header.
1072 CVE-2020-36128 290 2021-05-07 2021-05-13
6.4
None Remote Low Not required Partial Partial None
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token (called X-Terminal-Token) to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its reseller. By intercepting HTTPS traffic from the application store, it is possible to collect the request responsible for assigning the X-Terminal-Token to the terminal, which makes it possible to craft an X-Terminal-Token pretending to be another device. An attacker can use this behavior to authenticate its own payment terminal in the application store through token impersonation.
1073 CVE-2020-36079 434 Exec Code 2021-02-26 2021-03-04
6.5
None Remote Low ??? Partial Partial Partial
** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site."
1074 CVE-2020-35982 476 2021-04-21 2021-04-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.
1075 CVE-2020-35981 476 2021-04-21 2021-04-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
1076 CVE-2020-35980 416 2021-04-21 2021-04-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
1077 CVE-2020-35979 787 Overflow 2021-04-21 2021-04-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
1078 CVE-2020-35963 787 2021-01-03 2021-01-08
6.8
None Remote Medium Not required Partial Partial Partial
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.
1079 CVE-2020-35951 863 2021-01-01 2021-01-08
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as the wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
1080 CVE-2020-35950 352 CSRF 2021-01-01 2021-01-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).
1081 CVE-2020-35948 732 Exec Code 2021-01-01 2021-01-13
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.
1082 CVE-2020-35947 732 XSS 2021-01-01 2021-01-08
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur.
1083 CVE-2020-35945 434 2021-01-01 2021-01-12
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
1084 CVE-2020-35944 352 XSS CSRF 2021-01-01 2021-01-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
1085 CVE-2020-35942 352 Exec Code XSS Bypass CSRF File Inclusion 2021-02-09 2021-02-12
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)
1086 CVE-2020-35939 502 2021-01-01 2021-01-11
6.0
None Remote Medium ??? Partial Partial Partial
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
1087 CVE-2020-35938 74 2021-01-01 2021-01-11
6.0
None Remote Medium ??? Partial Partial Partial
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
1088 CVE-2020-35937 79 XSS 2021-01-01 2021-01-11
6.0
None Remote Medium ??? Partial Partial Partial
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
1089 CVE-2020-35936 79 XSS 2021-01-01 2021-01-11
6.0
None Remote Medium ??? Partial Partial Partial
Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
1090 CVE-2020-35935 269 2021-01-01 2021-01-12
6.0
None Remote Medium ??? Partial Partial Partial
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)
1091 CVE-2020-35932 502 2021-01-01 2021-01-11
6.0
None Remote Medium ??? Partial Partial Partial
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes.
1092 CVE-2020-35931 754 2020-12-31 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.
1093 CVE-2020-35898 416 2020-12-31 2021-01-07
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.
1094 CVE-2020-35892 125 2020-12-31 2021-01-06
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read.
1095 CVE-2020-35889 367 2020-12-31 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike.
1096 CVE-2020-35884 444 2020-12-31 2021-01-07
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.
1097 CVE-2020-35883 22 Dir. Trav. 2020-12-31 2021-01-07
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.
1098 CVE-2020-35882 362 2020-12-31 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable reference to the same object, possibly causing a data race.
1099 CVE-2020-35874 362 2020-12-31 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free.
1100 CVE-2020-35871 362 2020-12-31 2021-01-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.