Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36468 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer.
|
|||||
| CVE-2020-36467 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object.
|
|||||
| CVE-2020-36466 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types.
|
|||||
| CVE-2020-36465 | 1 Generic-array Project | 1 Generic-array | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes.
|
|||||
| CVE-2020-36453 | 1 Scottqueue Project | 1 Scottqueue | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue<T>.
|
|||||
| CVE-2020-36433 | 1 Aeplay | 1 Chunky | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement.
|
|||||
| CVE-2020-36427 | 1 Gnome | 1 Gthumb | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
|
|||||
| CVE-2020-36394 | 1 Pam Setquota Project | 1 Pam Setquota | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.
|
|||||
| CVE-2020-36327 | 3 Bundler, Fedoraproject, Microsoft | 3 Bundler, Fedora, Package Manager Configurations | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.
|
|||||
| CVE-2020-36311 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.
|
|||||
| CVE-2020-36286 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field.
|
|||||
| CVE-2020-36255 | 1 Identitymodel Project | 1 Identitymodel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.
|
|||||
| CVE-2020-36251 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
|
|||||
| CVE-2020-36240 | 1 Atlassian | 1 Crowd | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
|
|||||
| CVE-2020-36237 | 1 Atlassian | 2 Data Center, Jira | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0.
|
|||||
| CVE-2020-36235 | 1 Atlassian | 3 Jira, Jira Server, Jira Software Data Center | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1.
|
|||||
| CVE-2020-36226 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
|
|||||
| CVE-2020-36219 | 1 Atomic-option Project | 1 Atomic-option | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption<T> implements Sync unconditionally, a data race can occur.
|
|||||
| CVE-2020-36218 | 1 Nonpolynomial | 1 Buttplug | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider (!Send|!Sync) objects, leading to a data race.
|
|||||
| CVE-2020-36214 | 1 Multiqueue2 Project | 1 Multiqueue2 | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur.
|
|||||
| CVE-2020-36213 | 1 Abi Stable Project | 1 Abi Stable | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness.
|
|||||
| CVE-2020-36212 | 1 Abi Stable Project | 1 Abi Stable | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop.
|
|||||
| CVE-2020-36209 | 1 Late-static Project | 1 Late-static | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.
|
|||||
| CVE-2020-36204 | 1 Im Project | 1 Im | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.
|
|||||
| CVE-2020-36192 | 1 Mantisbt | 1 Source Integration | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on the view.php page, as well as on the list.php page (a pop-up on the Affected Issues id hyperlink). Additionally, if the attacker has "Update threshold" in the plugin's configuration (set to the "updater" access lev ...
Show More |
|||||
| CVE-2020-36170 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.
|
|||||
| CVE-2020-36169 | 2 Microsoft, Veritas | 3 Windows, Netbackup, Opscenter | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
|
An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives ...
Show More |
|||||
| CVE-2020-36168 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
|
An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code exec ...
Show More |
|||||
| CVE-2020-36166 | 2 Microsoft, Veritas | 5 Windows, Infoscale, Infoscale Operations Manager and 2 more | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
|
An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cn ...
Show More |
|||||
| CVE-2020-36165 | 2 Microsoft, Veritas | 2 Windows, Desktop And Laptop Option | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
|
An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:/ReleaseX64/ssl/openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the serv ...
Show More |
|||||
| CVE-2020-36164 | 2 Microsoft, Veritas | 2 Windows, Enterprise Vault | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
|
An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\) and the product's installation drive (typically not C:\): \Isode\etc\ssl\openssl.cnf (on SMTP Server) or \user\ssl\openssl.cnf (on other affected components). By default, on Windows systems, users can create directories und ...
Show More |
|||||
| CVE-2020-36163 | 2 Microsoft, Veritas | 3 Windows, Netbackup, Opscenter | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
|
An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the atta ...
Show More |
|||||
| CVE-2020-36162 | 2 Microsoft, Veritas | 3 Windows, Cloudpoint, Netbackup Cloudpoint | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
|
An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create directories under <drive>:\. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, which may result in arbitrary code execution. This would give the atta ...
Show More |
|||||
| CVE-2020-36161 | 2 Microsoft, Veritas | 2 Windows, Aptare It Analytics | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, ...
Show More |
|||||
| CVE-2020-36160 | 2 Microsoft, Veritas | 2 Windows, System Recovery | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
|
An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. T ...
Show More |
|||||
| CVE-2020-36159 | 1 Veritas | 1 Desktop And Laptop Option | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication.
|
|||||
| CVE-2020-36157 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges.
|
|||||
| CVE-2020-36066 | 1 Gjson Project | 1 Gjson | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
|
|||||
| CVE-2020-36037 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
|
|||||
| CVE-2020-36009 | 1 Obottle Project | 1 Obottle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability.
|
|||||