|
198041
|
5.3 |
MEDIUM
Network
|
atlassian
|
data_center
jira
jira_server
jira_data_center
|
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote a…
|
CWE-862
Missing Authorization
|
CVE-2020-36287
|
2024-11-21 14:29 |
2021-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198042
|
5.5 |
MEDIUM
Local
|
relic_project
|
relic
|
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-36316
|
2024-11-21 14:29 |
2021-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198043
|
5.3 |
MEDIUM
Network
|
relic_project
|
relic
|
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public expone…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-36315
|
2024-11-21 14:29 |
2021-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198044
|
3.9 |
LOW
Local
|
gnome
fedoraproject
|
file-roller
fedora
|
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's paren…
|
CWE-59
Link Following
|
CVE-2020-36314
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198045
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include…
|
CWE-416
Use After Free
|
CVE-2020-36313
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198046
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-36312
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198047
|
5.5 |
MEDIUM
Local
|
linux
debian
|
linux_kernel
debian_linux
|
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires …
|
NVD-CWE-noinfo
|
CVE-2020-36311
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198048
|
5.5 |
MEDIUM
Local
|
linux
debian
|
linux_kernel
debian_linux
|
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-36310
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198049
|
5.3 |
MEDIUM
Network
|
openresty
|
lua-nginx-module
|
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
|
NVD-CWE-noinfo
|
CVE-2020-36309
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198050
|
7.5 |
HIGH
Network
|
unionpayintl
|
union_pay
|
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile ap…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-36285
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
