CVE-2020-8440

controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.

Source: CVE-2020-8440

CVE-2013-5112

Evernote before 5.5.1 has insecure PIN storage

Source: CVE-2013-5112

CVE-2019-19550

Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.

Source: CVE-2019-19550

CVE-2013-3322

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.

Source: CVE-2013-3322

CVE-2020-7219

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

Source: CVE-2020-7219

CVE-2020-7956

HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.

Source: CVE-2020-7956

CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

Source: CVE-2020-7955

CVE-2020-7914

In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.

Source: CVE-2020-7914

CVE-2020-7218

HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage.

Source: CVE-2020-7218

CVE-2020-5526

The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Source: CVE-2020-5526