Total
35033 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36766 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct. | ||||
| CVE-2020-36765 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2020-36519 | 1 Mimecast | 1 Email Security | 2024-11-21 | 4.9 Medium |
| Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.) | ||||
| CVE-2020-36472 | 1 Max7301 Project | 1 Max7301 | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander<EI> types that they contain. | ||||
| CVE-2020-36471 | 1 Generator Project | 1 Generator | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds. | ||||
| CVE-2020-36470 | 1 Disrustor Project | 1 Disrustor | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer doe not properly limit the number of mutable references. | ||||
| CVE-2020-36469 | 1 Appendix Project | 1 Appendix | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally. | ||||
| CVE-2020-36468 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer. | ||||
| CVE-2020-36467 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object. | ||||
| CVE-2020-36466 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types. | ||||
| CVE-2020-36465 | 1 Generic-array Project | 1 Generic-array | 2024-11-21 | 7.5 High |
| An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes. | ||||
| CVE-2020-36453 | 1 Scottqueue Project | 1 Scottqueue | 2024-11-21 | 8.1 High |
| An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue<T>. | ||||
| CVE-2020-36433 | 1 Aeplay | 1 Chunky | 2024-11-21 | 7.5 High |
| An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement. | ||||
| CVE-2020-36427 | 1 Gnome | 1 Gthumb | 2024-11-21 | 5.5 Medium |
| GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. | ||||
| CVE-2020-36394 | 1 Pam Setquota Project | 1 Pam Setquota | 2024-11-21 | 7.0 High |
| pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home. | ||||
| CVE-2020-36327 | 4 Bundler, Fedoraproject, Microsoft and 1 more | 7 Bundler, Fedora, Package Manager Configurations and 4 more | 2024-11-21 | 8.8 High |
| Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | ||||
| CVE-2020-36311 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. | ||||
| CVE-2020-36286 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.3 Medium |
| The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field. | ||||
| CVE-2020-36255 | 1 Identitymodel Project | 1 Identitymodel | 2024-11-21 | 7.5 High |
| An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens. | ||||
| CVE-2020-36251 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 3.5 Low |
| ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | ||||