Export limit exceeded: 364891 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364891 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36289 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. | ||||
| CVE-2020-36288 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 6.1 Medium |
| The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution. | ||||
| CVE-2020-36287 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.3 Medium |
| The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. | ||||
| CVE-2020-36286 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.3 Medium |
| The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field. | ||||
| CVE-2020-36285 | 1 Unionpayintl | 1 Union Pay | 2024-11-21 | 7.5 High |
| Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | ||||
| CVE-2020-36284 | 1 Unionpayintl | 1 Union Pay | 2024-11-21 | 7.5 High |
| Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | ||||
| CVE-2020-36283 | 1 Hidglobal | 4 Omnikey 5127, Omnikey 5127 Firmware, Omnikey 5427 and 1 more | 2024-11-21 | 9.6 Critical |
| HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. | ||||
| CVE-2020-36282 | 1 Rabbitmq | 1 Jms Client | 2024-11-21 | 9.8 Critical |
| JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data. | ||||
| CVE-2020-36281 | 4 Debian, Fedoraproject, Leptonica and 1 more | 4 Debian Linux, Fedora, Leptonica and 1 more | 2024-11-21 | 7.5 High |
| Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. | ||||
| CVE-2020-36280 | 2 Fedoraproject, Leptonica | 2 Fedora, Leptonica | 2024-11-21 | 7.5 High |
| Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. | ||||
| CVE-2020-36279 | 4 Debian, Fedoraproject, Leptonica and 1 more | 4 Debian Linux, Fedora, Leptonica and 1 more | 2024-11-21 | 7.5 High |
| Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. | ||||
| CVE-2020-36278 | 4 Debian, Fedoraproject, Leptonica and 1 more | 4 Debian Linux, Fedora, Leptonica and 1 more | 2024-11-21 | 7.5 High |
| Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. | ||||
| CVE-2020-36277 | 4 Debian, Fedoraproject, Leptonica and 1 more | 4 Debian Linux, Fedora, Leptonica and 1 more | 2024-11-21 | 7.5 High |
| Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. | ||||
| CVE-2020-36255 | 1 Identitymodel Project | 1 Identitymodel | 2024-11-21 | 7.5 High |
| An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens. | ||||
| CVE-2020-36251 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 3.5 Low |
| ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | ||||
| CVE-2020-36249 | 1 Owncloud | 1 File Firewall | 2024-11-21 | 7.5 High |
| The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. | ||||
| CVE-2020-36247 | 1 Osc | 1 Open Ondemand | 2024-11-21 | 8.8 High |
| Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. | ||||
| CVE-2020-36246 | 1 Amaze File Manager Project | 1 Amaze File Manager | 2024-11-21 | 7.8 High |
| Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | ||||
| CVE-2020-36245 | 1 Gramaddict | 1 Gramaddict | 2024-11-21 | 8.8 High |
| GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network. | ||||
| CVE-2020-36244 | 2 Debian, Genivi | 2 Debian Linux, Diagnostic Log And Trace | 2024-11-21 | 9.8 Critical |
| The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6). | ||||