Total
34253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36009 | 1 Obottle Project | 1 Obottle | 2024-11-21 | 7.5 High |
| OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability. | ||||
| CVE-2020-36008 | 1 Obottle Project | 1 Obottle | 2024-11-21 | 8.1 High |
| OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability. | ||||
| CVE-2020-36006 | 1 Appcms | 1 Appcms | 2024-11-21 | 6.5 Medium |
| AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. | ||||
| CVE-2020-36005 | 1 Appcms | 1 Appcms | 2024-11-21 | 6.5 Medium |
| AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site. | ||||
| CVE-2020-35962 | 1 Loopring | 1 Loopring | 2024-11-21 | 7.5 High |
| The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation. | ||||
| CVE-2020-35952 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 6.5 Medium |
| login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration. | ||||
| CVE-2020-35935 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | 7.5 High |
| The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) | ||||
| CVE-2020-35927 | 1 Thex Project | 1 Thex | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types. | ||||
| CVE-2020-35925 | 1 Magnetic Project | 1 Magnetic | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. | ||||
| CVE-2020-35922 | 1 Mio Project | 1 Mio | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35921 | 1 Miow Project | 1 Miow | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35920 | 1 Rust-lang | 1 Socket2 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35919 | 1 Net2 Project | 1 Net2 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | ||||
| CVE-2020-35918 | 1 Hakobaito | 1 Branca | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic. | ||||
| CVE-2020-35915 | 1 Futures-intrusive Project | 1 Futures-intrusive | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types. | ||||
| CVE-2020-35910 | 1 Lock Api Project | 1 Lock Api | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness. | ||||
| CVE-2020-35909 | 1 Protocol | 1 Multihash | 2024-11-21 | 7.5 High |
| An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server. | ||||
| CVE-2020-35908 | 1 Rust-lang | 1 Future-utils | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled. | ||||
| CVE-2020-35904 | 1 Crossbeam-channel Project | 1 Crossbeam-channel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. | ||||
| CVE-2020-35903 | 1 Dync Project | 1 Dync | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question. | ||||