Search

Search Results (363449 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-36287 1 Atlassian 4 Data Center, Jira, Jira Data Center and 1 more 2024-11-21 5.3 Medium
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.
CVE-2020-36286 1 Atlassian 4 Data Center, Jira, Jira Data Center and 1 more 2024-11-21 5.3 Medium
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field.
CVE-2020-36285 1 Unionpayintl 1 Union Pay 2024-11-21 7.5 High
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
CVE-2020-36284 1 Unionpayintl 1 Union Pay 2024-11-21 7.5 High
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
CVE-2020-36283 1 Hidglobal 4 Omnikey 5127, Omnikey 5127 Firmware, Omnikey 5427 and 1 more 2024-11-21 9.6 Critical
HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2020-36282 1 Rabbitmq 1 Jms Client 2024-11-21 9.8 Critical
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
CVE-2020-36281 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2024-11-21 7.5 High
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
CVE-2020-36280 2 Fedoraproject, Leptonica 2 Fedora, Leptonica 2024-11-21 7.5 High
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
CVE-2020-36279 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2024-11-21 7.5 High
Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.
CVE-2020-36278 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2024-11-21 7.5 High
Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
CVE-2020-36277 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2024-11-21 7.5 High
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.
CVE-2020-36255 1 Identitymodel Project 1 Identitymodel 2024-11-21 7.5 High
An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.
CVE-2020-36251 1 Owncloud 1 Owncloud 2024-11-21 3.5 Low
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
CVE-2020-36249 1 Owncloud 1 File Firewall 2024-11-21 7.5 High
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
CVE-2020-36247 1 Osc 1 Open Ondemand 2024-11-21 8.8 High
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
CVE-2020-36246 1 Amaze File Manager Project 1 Amaze File Manager 2024-11-21 7.8 High
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.
CVE-2020-36245 1 Gramaddict 1 Gramaddict 2024-11-21 8.8 High
GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.
CVE-2020-36244 2 Debian, Genivi 2 Debian Linux, Diagnostic Log And Trace 2024-11-21 9.8 Critical
The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).
CVE-2020-36243 1 Open-emr 1 Openemr 2024-11-21 8.8 High
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.
CVE-2020-36242 4 Cryptography.io, Fedoraproject, Oracle and 1 more 6 Cryptography, Fedora, Communications Cloud Native Core Network Function Cloud Native Environment and 3 more 2024-11-21 9.1 Critical
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.