Search Results (83918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-36216 1 Petabi 1 Eventio 2024-11-21 5.9 Medium
An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.
CVE-2020-36215 1 Hashconsing Project 1 Hashconsing 2024-11-21 7.5 High
An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.
CVE-2020-36211 1 Devolutions 1 Gfwx 2024-11-21 7.0 High
An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.
CVE-2020-36210 1 Autorand Project 1 Autorand 2024-11-21 7.8 High
An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.
CVE-2020-36208 1 Conquer-once Project 1 Conquer-once 2024-11-21 7.8 High
An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption.
CVE-2020-36207 1 Aovec Project 1 Aovec 2024-11-21 7.0 High
An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.
CVE-2020-36206 1 Rusb Project 1 Rusb 2024-11-21 7.0 High
An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur.
CVE-2020-36203 1 Reffers Project 1 Reffers 2024-11-21 4.7 Medium
An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.
CVE-2020-36202 1 Rust-lang 1 Async-h1 2024-11-21 6.1 Medium
An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.
CVE-2020-36199 1 Kaspersky 1 Tinycheck 2024-11-21 9.8 Critical
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
CVE-2020-36198 1 Qnap 1 Malware Remover 2024-11-21 6.7 Medium
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x.
CVE-2020-36196 1 Qnap 1 Qulog Center 2024-11-21 6.1 Medium
A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0.
CVE-2020-36194 1 Qnap 2 Qts, Quts Hero 2024-11-21 6.1 Medium
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3.
CVE-2020-36190 1 Rails Admin Project 1 Rails Admin 2024-11-21 6.1 Medium
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.
CVE-2020-36178 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-11-21 9.8 Critical
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.
CVE-2020-36177 1 Wolfssl 1 Wolfssl 2024-11-21 9.8 Critical
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
CVE-2020-36172 1 Advancedcustomfields 1 Advanced Custom Fields 2024-11-21 6.1 Medium
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
CVE-2020-36171 1 Elementor 1 Website Builder 2024-11-21 6.1 Medium
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.
CVE-2020-36154 1 Pearson 1 Vue Testing System 2024-11-21 7.8 High
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.
CVE-2020-36151 2 Fedoraproject, Symonics 2 Fedora, Libmysofa 2024-11-21 6.5 Medium
Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.