Search Results (83918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-36376 1 Aaptjs Project 1 Aaptjs 2024-11-21 9.8 Critical
An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
CVE-2020-36328 5 Apple, Debian, Netapp and 2 more 8 Ipados, Iphone Os, Debian Linux and 5 more 2024-11-21 9.8 Critical
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36324 1 Wikimedia 1 Analytics-quarry-web 2024-11-21 6.1 Medium
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
CVE-2020-36317 2 Redhat, Rust-lang 3 Devtools, Enterprise Linux, Rust 2024-11-21 7.5 High
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.
CVE-2020-36312 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 5.5 Medium
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
CVE-2020-36308 2 Debian, Redmine 2 Debian Linux, Redmine 2024-11-21 5.3 Medium
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
CVE-2020-36307 2 Debian, Redmine 2 Debian Linux, Redmine 2024-11-21 6.1 Medium
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
CVE-2020-36306 2 Debian, Redmine 2 Debian Linux, Redmine 2024-11-21 6.1 Medium
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
CVE-2020-36290 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 5.4 Medium
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
CVE-2020-36288 1 Atlassian 4 Data Center, Jira, Jira Data Center and 1 more 2024-11-21 6.1 Medium
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution.
CVE-2020-36246 1 Amaze File Manager Project 1 Amaze File Manager 2024-11-21 7.8 High
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.
CVE-2020-36244 2 Debian, Genivi 2 Debian Linux, Diagnostic Log And Trace 2024-11-21 9.8 Critical
The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).
CVE-2020-36243 1 Open-emr 1 Openemr 2024-11-21 8.8 High
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.
CVE-2020-36242 4 Cryptography.io, Fedoraproject, Oracle and 1 more 6 Cryptography, Fedora, Communications Cloud Native Core Network Function Cloud Native Environment and 3 more 2024-11-21 9.1 Critical
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
CVE-2020-36236 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 6.1 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
CVE-2020-36234 1 Atlassian 4 Data Center, Jira, Jira Data Center and 1 more 2024-11-21 4.8 Medium
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
CVE-2020-36225 3 Apple, Debian, Openldap 3 Macos, Debian Linux, Openldap 2024-11-21 7.5 High
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
CVE-2020-36224 3 Apple, Debian, Openldap 4 Mac Os X, Macos, Debian Linux and 1 more 2024-11-21 7.5 High
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
CVE-2020-36220 1 Va-ts Project 1 Va-ts 2024-11-21 5.9 Medium
An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur.
CVE-2020-36217 1 May Queue Project 1 May Queue 2024-11-21 5.9 Medium
An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur.