CVE-2020-25121
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.
Source: CVE-2020-25121
CVE-2020-25121
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.
Source: CVE-2020-25121
CVE-2020-25122
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
Source: CVE-2020-25122
CVE-2020-25118
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
Source: CVE-2020-25118
CVE-2020-25115
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
Source: CVE-2020-25115
CVE-2020-25116
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
Source: CVE-2020-25116
CVE-2020-25119
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
Source: CVE-2020-25119
CVE-2020-25117
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
Source: CVE-2020-25117
CVE-2020-14373
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
Source: CVE-2020-14373
CVE-2020-11579
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
Source: CVE-2020-11579
CVE-2020-10720
A flaw was found in the Linux kernel’s implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.
Source: CVE-2020-10720