CVE-2019-7356
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
Source: CVE-2019-7356
CVE-2020-28049
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that – for a short time period – allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
Source: CVE-2020-28049
CVE-2020-8037
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
Source: CVE-2020-8037
CVE-2020-8036
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
Source: CVE-2020-8036
CVE-2020-22274
JomSocial (Joomla Social Network Extension) 4.7.6 allows CSV injection via a customer’s profile.
Source: CVE-2020-22274
CVE-2020-22273
Neoflex Video Subscription System Version 2.0 is affected by CSRF, which allows the website’s settings (such as Payment Settings) to be changed.
Source: CVE-2020-22273
CVE-2020-26167
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
Source: CVE-2020-26167
CVE-2020-22278
phpMyAdmin through 5.0.2 allows CSV injection via the Export Section.
Source: CVE-2020-22278
CVE-2020-22277
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer’s profile.
Source: CVE-2020-22277
CVE-2020-22275
Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the code is executable.
Source: CVE-2020-22275