The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-36203 | An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption. | LOW | Jan 26, 2021 | 21.11 (VxWorks 7) |
| CVE-2020-36202 | An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy. | MEDIUM | Jan 26, 2021 | 21.11 (VxWorks 7) |
| CVE-2020-36201 | An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices. | MEDIUM | Jan 26, 2021 | n/a |
| CVE-2020-36200 | TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs. | MEDIUM | Jan 26, 2021 | n/a |
| CVE-2020-36199 | TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places. | HIGH | Jan 26, 2021 | n/a |
| CVE-2020-36198 | A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x. | MEDIUM | May 14, 2021 | n/a |
| CVE-2020-36197 | An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4. | MEDIUM | May 14, 2021 | n/a |
| CVE-2020-36196 | A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. | MEDIUM | Jul 1, 2021 | n/a |
| CVE-2020-36195 | An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later | HIGH | Apr 17, 2021 | n/a |
| CVE-2020-36194 | An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. | MEDIUM | Jul 1, 2021 | n/a |
| CVE-2020-36193 | Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | MEDIUM | Jan 22, 2021 | n/a |
| CVE-2020-36192 | An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on the view.php page, as well as on the list.php page (a pop-up on the Affected Issues id hyperlink). Additionally, if the attacker has Update threshold in the plugin\'s configuration (set to the updater access level by default), then they can link any Issue to a Changeset by entering the Issue\'s Id, even if they do not have access to it. | MEDIUM | Jan 22, 2021 | n/a |
| CVE-2020-36191 | JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account). | LOW | Jan 13, 2021 | n/a |
| CVE-2020-36190 | RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms. | MEDIUM | Jan 14, 2021 | n/a |
| CVE-2020-36189 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36188 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36187 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36186 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36185 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36184 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36183 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36182 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36181 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36180 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36179 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36178 | oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36177 | RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. | HIGH | Jan 6, 2021 | n/a |
| CVE-2020-36176 | The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. | MEDIUM | Jan 6, 2021 | n/a |
| CVE-2020-36175 | The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. | MEDIUM | Jan 8, 2021 | n/a |
| CVE-2020-36174 | The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. | MEDIUM | Jan 8, 2021 | n/a |
| CVE-2020-36173 | The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. | MEDIUM | Jan 8, 2021 | n/a |
| CVE-2020-36172 | The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. | MEDIUM | Jan 8, 2021 | n/a |
| CVE-2020-36171 | The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. | MEDIUM | Jan 6, 2021 | n/a |
| CVE-2020-36170 | The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name=timestamp fields in forms. | MEDIUM | Jan 8, 2021 | n/a |
| CVE-2020-36169 | An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations. | HIGH | Jan 6, 2021 | n/a |
| CVE-2020-36168 | An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\\. A low privileged user can create a C:\\usr\\local\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. | HIGH | Jan 6, 2021 | n/a |
| CVE-2020-36167 | An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\\usr\\local\\ssl\\openssl.cnf. A low privileged user can create a :\\usr\\local\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36166 | An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \\usr\\local\\ssl. This library attempts to load the \\usr\\local\\ssl\\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\\usr\\local\\ssl\\openssl.cnf, where <drive> could be the default Windows installation drive such as C:\\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a <drive>:\\usr\\local\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. | HIGH | Jan 6, 2021 | n/a |
| CVE-2020-36165 | An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\\. A low privileged user can create a C:/ReleaseX64/ssl/openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This impacts DLO server and client installations. | HIGH | Jan 6, 2021 | n/a |
| CVE-2020-36164 | An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\\) and the product\'s installation drive (typically not C:\\): \\Isode\\etc\\ssl\\openssl.cnf (on SMTP Server) or \\user\\ssl\\openssl.cnf (on other affected components). By default, on Windows systems, users can create directories under C:\\. A low privileged user can create a openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability only affects a server with MTP Server, SMTP Archiving IMAP Server, IMAP Archiving, Vault Cloud Adapter, NetApp File server, or File System Archiving for NetApp as File Server. | HIGH | Jan 6, 2021 | n/a |
| CVE-2020-36163 | An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations. | HIGH | Jan 6, 2021 | n/a |
| CVE-2020-36162 | An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \\usr\\local\\ssl\\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create directories under <drive>:\\. A low privileged user can create a <drive>:\\usr\\local\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine, which may result in arbitrary code execution. This would give the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. | HIGH | Jan 6, 2021 | n/a |
| CVE-2020-36161 | An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. | HIGH | Jan 6, 2021 | n/a |
| CVE-2020-36160 | An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \\usr\\local\\ssl. This library attempts to load the from \\usr\\local\\ssl\\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\\. A low privileged user can create a C:\\usr\\local\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data and installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain. | HIGH | Jan 6, 2021 | n/a |
| CVE-2020-36159 | Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication. | MEDIUM | Jan 8, 2021 | n/a |
| CVE-2020-36158 | mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. | HIGH | Jan 8, 2021 | n/a |
| CVE-2020-36157 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36156 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges. | MEDIUM | Jan 8, 2021 | n/a |
| CVE-2020-36155 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user\'s role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted, e.g., wp_capabilities[administrator] for Administrator access. | HIGH | Jan 7, 2021 | n/a |
| CVE-2020-36154 | The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the %SYSTEMDRIVE%\\Pearson VUE directory, which allows local users to obtain administrative privileges via a Trojan horse application. | HIGH | Jan 4, 2021 | n/a |
