|
197671
|
6.1 |
MEDIUM
Network
|
wikimedia
|
analytics-quarry-web
|
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36324
|
2024-11-21 14:29 |
2021-04-22 |
|
197672
|
6.1 |
MEDIUM
Network
|
atlassian
|
data_center jira jira_server jira_data_center
|
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attack…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36288
|
2024-11-21 14:29 |
2021-04-15 |
|
197673
|
8.2 |
HIGH
Network
|
rust-lang fedoraproject
|
rust fedora
|
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes a…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-36323
|
2024-11-21 14:29 |
2021-04-14 |
|
197674
|
5.5 |
MEDIUM
Local
|
linux debian starwindsoftware
|
linux_kernel debian_linux starwind_virtual_san
|
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a …
|
CWE-459
Incomplete Cleanup
|
CVE-2020-36322
|
2024-11-21 14:29 |
2021-04-14 |
|
197675
|
9.8 |
CRITICAL
Network
|
rust-lang
|
rust
|
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or doub…
|
CWE-415 CWE-416
Double Free Use After Free
|
CVE-2020-36318
|
2024-11-21 14:29 |
2021-04-12 |
|
197676
|
7.5 |
HIGH
Network
|
rust-lang
|
rust
|
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could res…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-36317
|
2024-11-21 14:29 |
2021-04-12 |
|
197677
|
5.3 |
MEDIUM
Network
|
atlassian
|
data_center jira jira_server jira_data_center
|
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote a…
|
CWE-862
Missing Authorization
|
CVE-2020-36287
|
2024-11-21 14:29 |
2021-04-9 |
|
197678
|
5.5 |
MEDIUM
Local
|
relic_project
|
relic
|
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-36316
|
2024-11-21 14:29 |
2021-04-8 |
|
197679
|
5.3 |
MEDIUM
Network
|
relic_project
|
relic
|
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public expone…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-36315
|
2024-11-21 14:29 |
2021-04-8 |
|
197680
|
3.9 |
LOW
Local
|
gnome fedoraproject
|
file-roller fedora
|
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's paren…
|
CWE-59
Link Following
|
CVE-2020-36314
|
2024-11-21 14:29 |
2021-04-7 |