|
198051
|
7.5 |
HIGH
Network
|
unionpayintl
|
union_pay
|
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-36284
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198052
|
5.3 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
|
CWE-74
Injection
|
CVE-2020-36308
|
2024-11-21 14:29 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198053
|
6.1 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36307
|
2024-11-21 14:29 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198054
|
6.1 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36306
|
2024-11-21 14:29 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198055
|
5.3 |
MEDIUM
Network
|
atlassian
|
data_center
jira
jira_server
jira_data_center
|
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous…
|
NVD-CWE-noinfo
|
CVE-2020-36286
|
2024-11-21 14:29 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198056
|
5.3 |
MEDIUM
Network
|
atlassian
|
data_center
jira
jira_server
jira_data_center
|
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous…
|
CWE-862
Missing Authorization
|
CVE-2020-36238
|
2024-11-21 14:29 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198057
|
8.8 |
HIGH
Network
|
hidglobal
|
omnikey_5427_firmware
omnikey_5127_firmware
|
HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attac…
|
CWE-352
Origin Validation Error
|
CVE-2020-36283
|
2024-11-21 14:29 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198058
|
9.8 |
CRITICAL
Network
|
rabbitmq
|
jms_client
|
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-36282
|
2024-11-21 14:29 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198059
|
7.5 |
HIGH
Network
|
leptonica
debian
fedoraproject
|
leptonica
debian_linux
fedora
|
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-36281
|
2024-11-21 14:29 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198060
|
7.5 |
HIGH
Network
|
leptonica
fedoraproject
|
leptonica
fedora
|
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-36280
|
2024-11-21 14:29 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
