CVE-2020-26181
- Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN ...
read CVE-2020-26181
Published:
January 05, 2021; 5:15:13 PM -0500
CVE-2020-35946
- An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.
Published:
December 31, 2020; 11:15:13 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-22493
- An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The quram library allows attackers to execute arbitrary code or cause a denial of service (memory corruption) during dng decoding. The Samsung ID is SVE-2...
read CVE-2021-22493
Published:
January 05, 2021; 1:15:18 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35944
- An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
Published:
December 31, 2020; 11:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-20309
- Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
Published:
January 07, 2021; 12:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-20310
- Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
Published:
January 07, 2021; 12:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-20311
- Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
Published:
January 07, 2021; 12:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-27844
- A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerab...
read CVE-2020-27844
Published:
January 05, 2021; 1:15:14 PM -0500
CVE-2018-20312
- Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.
Published:
January 07, 2021; 12:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-20313
- Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
Published:
January 07, 2021; 1:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-20314
- Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
Published:
January 07, 2021; 1:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-20315
- Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
Published:
January 07, 2021; 1:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-36159
- Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication.
Published:
January 05, 2021; 2:15:17 PM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2015-2992
- Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
Published:
February 27, 2020; 1:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20316
- Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.
Published:
January 07, 2021; 1:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-20484
- An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.
Published:
January 05, 2021; 5:15:13 PM -0500
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2019-20483
- An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application.
Published:
January 05, 2021; 4:15:14 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-29491
- Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leadi...
read CVE-2020-29491
Published:
January 04, 2021; 5:15:13 PM -0500
V3.1: 8.6 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-29492
- Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any tar...
read CVE-2020-29492
Published:
January 04, 2021; 5:15:13 PM -0500
V3.1: 10.0 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2020-26046
- FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
Published:
January 05, 2021; 10:15:13 AM -0500
V3.1: 5.4 MEDIUM
V2.0: 4.3 MEDIUM