|
201581
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include…
|
CWE-416
Use After Free
|
CVE-2020-36313
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201582
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-36312
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201583
|
5.5 |
MEDIUM
Local
|
linux
debian
|
linux_kernel
debian_linux
|
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires …
|
NVD-CWE-noinfo
|
CVE-2020-36311
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201584
|
5.5 |
MEDIUM
Local
|
linux
debian
|
linux_kernel
debian_linux
|
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-36310
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201585
|
5.3 |
MEDIUM
Network
|
openresty
|
lua-nginx-module
|
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
|
NVD-CWE-noinfo
|
CVE-2020-36309
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201586
|
7.5 |
HIGH
Network
|
unionpayintl
|
union_pay
|
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile ap…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-36285
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201587
|
7.5 |
HIGH
Network
|
unionpayintl
|
union_pay
|
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-36284
|
2024-11-21 14:29 |
2021-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201588
|
5.3 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
|
CWE-74
Injection
|
CVE-2020-36308
|
2024-11-21 14:29 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201589
|
6.1 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36307
|
2024-11-21 14:29 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201590
|
6.1 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36306
|
2024-11-21 14:29 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
