Search

Search Results (364887 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-36285 1 Unionpayintl 1 Union Pay 2024-11-21 7.5 High
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
CVE-2020-36284 1 Unionpayintl 1 Union Pay 2024-11-21 7.5 High
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
CVE-2020-36283 1 Hidglobal 4 Omnikey 5127, Omnikey 5127 Firmware, Omnikey 5427 and 1 more 2024-11-21 9.6 Critical
HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2020-36282 1 Rabbitmq 1 Jms Client 2024-11-21 9.8 Critical
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
CVE-2020-36281 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2024-11-21 7.5 High
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
CVE-2020-36280 2 Fedoraproject, Leptonica 2 Fedora, Leptonica 2024-11-21 7.5 High
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
CVE-2020-36279 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2024-11-21 7.5 High
Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.
CVE-2020-36278 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2024-11-21 7.5 High
Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
CVE-2020-36277 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2024-11-21 7.5 High
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.
CVE-2020-36255 1 Identitymodel Project 1 Identitymodel 2024-11-21 7.5 High
An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.
CVE-2020-36251 1 Owncloud 1 Owncloud 2024-11-21 3.5 Low
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
CVE-2020-36249 1 Owncloud 1 File Firewall 2024-11-21 7.5 High
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
CVE-2020-36247 1 Osc 1 Open Ondemand 2024-11-21 8.8 High
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
CVE-2020-36246 1 Amaze File Manager Project 1 Amaze File Manager 2024-11-21 7.8 High
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.
CVE-2020-36245 1 Gramaddict 1 Gramaddict 2024-11-21 8.8 High
GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.
CVE-2020-36244 2 Debian, Genivi 2 Debian Linux, Diagnostic Log And Trace 2024-11-21 9.8 Critical
The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).
CVE-2020-36243 1 Open-emr 1 Openemr 2024-11-21 8.8 High
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.
CVE-2020-36242 4 Cryptography.io, Fedoraproject, Oracle and 1 more 6 Cryptography, Fedora, Communications Cloud Native Core Network Function Cloud Native Environment and 3 more 2024-11-21 9.1 Critical
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
CVE-2020-36241 3 Fedoraproject, Gnome, Redhat 3 Fedora, Gnome-autoar, Enterprise Linux 2024-11-21 5.5 Medium
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
CVE-2020-36240 1 Atlassian 1 Crowd 2024-11-21 5.3 Medium
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.