|
211811
|
6.7 |
MEDIUM
Local
|
dell
|
emc_unity_operating_environment
emc_unity_vsa_operating_environment
emc_unity_xt_operating_environment
|
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-26199
|
2024-11-21 14:19 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211812
|
7.8 |
HIGH
Local
|
dell
|
emc_powerscale_onefs
emc_isilon_onefs
|
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connec…
|
NVD-CWE-noinfo
|
CVE-2020-26181
|
2024-11-21 14:19 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211813
|
5.4 |
MEDIUM
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26046
|
2024-11-21 14:19 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211814
|
9.8 |
CRITICAL
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit …
|
CWE-89
SQL Injection
|
CVE-2020-26045
|
2024-11-21 14:19 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211815
|
6.1 |
MEDIUM
Network
|
rust-lang
|
mdbook
|
mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which co…
|
-
|
CVE-2020-26297
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211816
|
5.3 |
MEDIUM
Network
|
target
|
compiler
|
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server c…
|
-
|
CVE-2020-26294
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211817
|
6.1 |
MEDIUM
Network
|
htmlsanitizer_project
|
htmlsanitizer
|
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if styl…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26293
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211818
|
9.8 |
CRITICAL
Network
|
chatter-social
|
creeper
|
Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours betw…
|
-
|
CVE-2020-26292
|
2024-11-21 14:19 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211819
|
8.8 |
HIGH
Network
|
qdpm
|
qdpm
|
qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-26165
|
2024-11-21 14:19 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211820
|
8.7 |
HIGH
Network
|
vega_project
|
vega
|
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulner…
|
-
|
CVE-2020-26296
|
2024-11-21 14:19 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
