|
197881
|
5.3 |
MEDIUM
Network
|
openresty
|
lua-nginx-module
|
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
|
NVD-CWE-noinfo
|
CVE-2020-36309
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197882
|
7.5 |
HIGH
Network
|
unionpayintl
|
union_pay
|
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile ap…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-36285
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197883
|
7.5 |
HIGH
Network
|
unionpayintl
|
union_pay
|
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-36284
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197884
|
5.3 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
|
CWE-74
Injection
|
CVE-2020-36308
|
2024-11-21 14:29 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197885
|
6.1 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36307
|
2024-11-21 14:29 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197886
|
6.1 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36306
|
2024-11-21 14:29 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197887
|
5.3 |
MEDIUM
Network
|
atlassian
|
data_center
jira
jira_server
jira_data_center
|
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous…
|
NVD-CWE-noinfo
|
CVE-2020-36286
|
2024-11-21 14:29 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197888
|
5.3 |
MEDIUM
Network
|
atlassian
|
data_center
jira
jira_server
jira_data_center
|
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous…
|
CWE-862
Missing Authorization
|
CVE-2020-36238
|
2024-11-21 14:29 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197889
|
8.8 |
HIGH
Network
|
hidglobal
|
omnikey_5427_firmware
omnikey_5127_firmware
|
HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attac…
|
CWE-352
Origin Validation Error
|
CVE-2020-36283
|
2024-11-21 14:29 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197890
|
9.8 |
CRITICAL
Network
|
rabbitmq
|
jms_client
|
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-36282
|
2024-11-21 14:29 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
