| 197861 | 8.8 | HIGH Network | bundler fedoraproject microsoft | bundler fedora package_manager_configurations | Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chos… | NVD-CWE-noinfo | CVE-2020-36327 | 2024-11-21 14:29 | 2021-04-29 |
| 197862 | 9.8 | CRITICAL Network | phpmailer_project wordpress | phpmailer wordpress | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a func… | CWE-502 Deserialization of Untrusted Data | CVE-2020-36326 | 2024-11-21 14:29 | 2021-04-28 |
| 197863 | 7.5 | HIGH Network | jansson_project | jansson | An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fai… | CWE-125 Out-of-bounds Read | CVE-2020-36325 | 2024-11-21 14:29 | 2021-04-27 |
| 197864 | 7.5 | HIGH Network | vaadin | flow vaadin | Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker… | CWE-22 Path Traversal | CVE-2020-36321 | 2024-11-21 14:29 | 2021-04-24 |
| 197865 | 7.5 | HIGH Network | vaadin | vaadin | Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by … | CWE-400 Uncontrolled Resource Consumption | CVE-2020-36320 | 2024-11-21 14:29 | 2021-04-24 |
| 197866 | 6.5 | MEDIUM Network | vaadin | flow vaadin | Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestC… | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2020-36319 | 2024-11-21 14:29 | 2021-04-24 |
| 197867 | 6.1 | MEDIUM Network | wikimedia | analytics-quarry-web | Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. | CWE-79 Cross-site Scripting | CVE-2020-36324 | 2024-11-21 14:29 | 2021-04-22 |
| 197868 | 6.1 | MEDIUM Network | atlassian | data_center jira jira_server jira_data_center | The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attack… | CWE-79 Cross-site Scripting | CVE-2020-36288 | 2024-11-21 14:29 | 2021-04-15 |
| 197869 | 8.2 | HIGH Network | rust-lang fedoraproject | rust fedora | In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes a… | CWE-134 Use of Externally-Controlled Format String | CVE-2020-36323 | 2024-11-21 14:29 | 2021-04-14 |
| 197870 | 5.5 | MEDIUM Local | linux debian starwindsoftware | linux_kernel debian_linux starwind_virtual_san | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a … | CWE-459 Incomplete Cleanup | CVE-2020-36322 | 2024-11-21 14:29 | 2021-04-14 |