Total: 32250 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36309 | 1 Openresty | 1 Lua-nginx-module | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. | |||||
CVE-2020-36286 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine whether a group exists and to enumerate the members of groups if they are assigned to a publicly visible issue field. | |||||
CVE-2020-36255 | 1 Identitymodel Project | 1 Identitymodel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens. | |||||
CVE-2020-36254 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. | |||||
CVE-2020-36251 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | |||||
CVE-2020-36240 | 1 Atlassian | 1 Crowd | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | |||||
CVE-2020-36237 | 1 Atlassian | 2 Data Center, Jira | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. | |||||
CVE-2020-36235 | 1 Atlassian | 3 Jira, Jira Server, Jira Software Data Center | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1. | |||||
CVE-2020-36226 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||||
CVE-2020-36219 | 1 Atomic-option Project | 1 Atomic-option | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption<T> implements Sync unconditionally, a data race can occur. | |||||
CVE-2020-36218 | 1 Nonpolynomial | 1 Buttplug | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider (!Send|!Sync) objects, leading to a data race. | |||||
CVE-2020-36214 | 1 Multiqueue2 Project | 1 Multiqueue2 | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur. | |||||
CVE-2020-36213 | 1 Abi Stable Project | 1 Abi Stable | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness. | |||||
CVE-2020-36212 | 1 Abi Stable Project | 1 Abi Stable | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop. | |||||
CVE-2020-36209 | 1 Late-static Project | 1 Late-static | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur. | |||||
CVE-2020-36204 | 1 Im Project | 1 Im | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur. | |||||
CVE-2020-36192 | 1 Mantisbt | 1 Source Integration | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on the view.php page, as well as on the list.php page (a pop-up on the Affected Issues id hyperlink). Additionally, if the attacker has "Update threshold" in the plugin's configuration (set to the "updater" access level by default), then they can link any Issue to a Changeset by entering the Issue's Id, even if they do not have access to it. | |||||
CVE-2020-36170 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms. | |||||
CVE-2020-36169 | 2 Microsoft, Veritas | 3 Windows, Netbackup, Opscenter | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations. | |||||
CVE-2020-36168 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. | |||||