Search Results (363419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-36190 1 Rails Admin Project 1 Rails Admin 2024-11-21 6.1 Medium
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.
CVE-2020-36189 5 Debian, Fasterxml, Netapp and 2 more 42 Debian Linux, Jackson-databind, Cloud Backup and 39 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2020-36188 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVE-2020-36187 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVE-2020-36186 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVE-2020-36185 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-36184 5 Debian, Fasterxml, Netapp and 2 more 60 Debian Linux, Jackson-databind, Cloud Backup and 57 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-36183 5 Debian, Fasterxml, Netapp and 2 more 47 Debian Linux, Jackson-databind, Cloud Backup and 44 more 2024-11-21 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CVE-2020-36182 5 Debian, Fasterxml, Netapp and 2 more 60 Debian Linux, Jackson-databind, Cloud Backup and 57 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36181 5 Debian, Fasterxml, Netapp and 2 more 59 Debian Linux, Jackson-databind, Service Level Manager and 56 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36180 5 Debian, Fasterxml, Netapp and 2 more 60 Debian Linux, Jackson-databind, Cloud Backup and 57 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36179 5 Debian, Fasterxml, Netapp and 2 more 58 Debian Linux, Jackson-databind, Cloud Backup and 55 more 2024-11-21 8.8 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36178 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-11-21 9.8 Critical
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.
CVE-2020-36177 1 Wolfssl 1 Wolfssl 2024-11-21 9.8 Critical
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
CVE-2020-36176 1 Ithemes 1 Ithemes Security 2024-11-21 7.5 High
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
CVE-2020-36175 1 Ninjaforms 1 Ninja Forms 2024-11-21 5.3 Medium
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.
CVE-2020-36174 1 Ninjaforms 1 Ninja Forms 2024-11-21 6.5 Medium
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
CVE-2020-36173 1 Ninjaforms 1 Ninja Forms 2024-11-21 5.3 Medium
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
CVE-2020-36172 1 Advancedcustomfields 1 Advanced Custom Fields 2024-11-21 6.1 Medium
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
CVE-2020-36171 1 Elementor 1 Website Builder 2024-11-21 6.1 Medium
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.