CVE-2020-5558

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.

Source: CVE-2020-5558

CVE-2020-5261

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) before version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched.

Source: CVE-2020-5261

CVE-2020-5552

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Source: CVE-2020-5552

CVE-2020-5553

mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors.

Source: CVE-2020-5553

CVE-2020-5554

Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.

Source: CVE-2020-5554

CVE-2020-5555

Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue.

Source: CVE-2020-5555

CVE-2020-5556

Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Source: CVE-2020-5556

CVE-2020-5557

Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Source: CVE-2020-5557

CVE-2020-6802

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.

Source: CVE-2020-6802

CVE-2020-10942

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.

Source: CVE-2020-10942