|
199171
|
5.3 |
MEDIUM
Network
|
relic_project
|
relic
|
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public expone…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-36315
|
2024-11-21 14:29 |
2021-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199172
|
3.9 |
LOW
Local
|
gnome
fedoraproject
|
file-roller
fedora
|
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's paren…
|
CWE-59
Link Following
|
CVE-2020-36314
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199173
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include…
|
CWE-416
Use After Free
|
CVE-2020-36313
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199174
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-36312
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199175
|
5.5 |
MEDIUM
Local
|
linux
debian
|
linux_kernel
debian_linux
|
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires …
|
NVD-CWE-noinfo
|
CVE-2020-36311
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199176
|
5.5 |
MEDIUM
Local
|
linux
debian
|
linux_kernel
debian_linux
|
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-36310
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199177
|
5.3 |
MEDIUM
Network
|
openresty
|
lua-nginx-module
|
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
|
NVD-CWE-noinfo
|
CVE-2020-36309
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199178
|
7.5 |
HIGH
Network
|
unionpayintl
|
union_pay
|
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile ap…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-36285
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199179
|
7.5 |
HIGH
Network
|
unionpayintl
|
union_pay
|
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-36284
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199180
|
5.3 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
|
CWE-74
Injection
|
CVE-2020-36308
|
2024-11-21 14:29 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
