|
199201
|
8.8 |
HIGH
Network
|
osc
|
open_ondemand
|
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2020-36247
|
2024-11-21 14:29 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199202
|
7.8 |
HIGH
Local
|
amaze_file_manager_project
|
amaze_file_manager
|
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.
|
CWE-78
OS Command
|
CVE-2020-36246
|
2024-11-21 14:29 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199203
|
7.8 |
HIGH
Local
|
atlassian
|
bitbucket
|
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privile…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-36233
|
2024-11-21 14:29 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199204
|
8.8 |
HIGH
Adjacent
|
gramaddict
|
gramaddict
|
GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same W…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-36245
|
2024-11-21 14:29 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199205
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
data_center
|
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFie…
|
NVD-CWE-noinfo
|
CVE-2020-36237
|
2024-11-21 14:29 |
2021-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199206
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36236
|
2024-11-21 14:29 |
2021-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199207
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
|
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile s…
|
NVD-CWE-noinfo
|
CVE-2020-36235
|
2024-11-21 14:29 |
2021-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199208
|
4.8 |
MEDIUM
Network
|
atlassian
|
jira
data_center
jira_server
jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The …
|
CWE-79
Cross-site Scripting
|
CVE-2020-36234
|
2024-11-21 14:29 |
2021-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199209
|
9.8 |
CRITICAL
Network
|
genivi
debian
|
diagnostic_log_and_trace
debian_linux
|
The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-36244
|
2024-11-21 14:29 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199210
|
8.8 |
HIGH
Network
|
open-emr
|
openemr
|
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request t…
|
CWE-78
OS Command
|
CVE-2020-36243
|
2024-11-21 14:29 |
2021-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
