Total
34253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36469 | 1 Appendix Project | 1 Appendix | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally. | ||||
| CVE-2020-36468 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer. | ||||
| CVE-2020-36467 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object. | ||||
| CVE-2020-36466 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types. | ||||
| CVE-2020-36465 | 1 Generic-array Project | 1 Generic-array | 2024-11-21 | 7.5 High |
| An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes. | ||||
| CVE-2020-36453 | 1 Scottqueue Project | 1 Scottqueue | 2024-11-21 | 8.1 High |
| An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue<T>. | ||||
| CVE-2020-36433 | 1 Aeplay | 1 Chunky | 2024-11-21 | 7.5 High |
| An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement. | ||||
| CVE-2020-36427 | 1 Gnome | 1 Gthumb | 2024-11-21 | 5.5 Medium |
| GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. | ||||
| CVE-2020-36394 | 1 Pam Setquota Project | 1 Pam Setquota | 2024-11-21 | 7.0 High |
| pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home. | ||||
| CVE-2020-36327 | 4 Bundler, Fedoraproject, Microsoft and 1 more | 7 Bundler, Fedora, Package Manager Configurations and 4 more | 2024-11-21 | 8.8 High |
| Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | ||||
| CVE-2020-36311 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. | ||||
| CVE-2020-36286 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.3 Medium |
| The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field. | ||||
| CVE-2020-36255 | 1 Identitymodel Project | 1 Identitymodel | 2024-11-21 | 7.5 High |
| An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens. | ||||
| CVE-2020-36251 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 3.5 Low |
| ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | ||||
| CVE-2020-36240 | 1 Atlassian | 1 Crowd | 2024-11-21 | 5.3 Medium |
| The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | ||||
| CVE-2020-36237 | 1 Atlassian | 2 Data Center, Jira | 2024-11-21 | 5.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field options via an Information Disclosure vulnerability in the /rest/api/2/customFieldOption/ endpoint. The affected versions are before version 8.15.0. | ||||
| CVE-2020-36235 | 1 Atlassian | 3 Jira, Jira Server, Jira Software Data Center | 2024-11-21 | 5.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1. | ||||
| CVE-2020-36226 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2024-11-21 | 7.5 High |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. | ||||
| CVE-2020-36219 | 1 Atomic-option Project | 1 Atomic-option | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption<T> implements Sync unconditionally, a data race can occur. | ||||
| CVE-2020-36218 | 1 Nonpolynomial | 1 Buttplug | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider (!Send|!Sync) objects, leading to a data race. | ||||