OBottle 2.0 in cg.php contains an arbitrary file download vulnerability.
NVD-CWE-noinfo
CVE-2020-36066
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
CVE-2020-3611
u’XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue’ in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130
CVE-2020-35952
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single “Incorrect username or password” message in both cases), which might allow enumeration.
CVE-2020-35962
The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.
CVE-2020-36005
AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site.