| 198601 | 4.3 | MEDIUM Network | mozilla | firefox_esr thunderbird firefox | When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a us… | NVD-CWE-noinfo | CVE-2020-35111 | 2024-11-21 14:26 | 2021-01-7 |
| 198602 | 8.8 | HIGH Network | mozilla | firefox firefox_esr thunderbird | If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an … | NVD-CWE-noinfo | CVE-2020-35112 | 2024-11-21 14:26 | 2021-01-7 |
| 198603 | 5.4 | MEDIUM Network | dell | unisphere powermax_os | Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scri… | CWE-79 Cross-site Scripting | CVE-2020-35170 | 2024-11-21 14:26 | 2021-01-6 |
| 198604 | 9.8 | CRITICAL Network | amaze_file_manager_project | amaze_file_manager | The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.… | NVD-CWE-noinfo | CVE-2020-35173 | 2024-11-21 14:26 | 2020-12-31 |
| 198605 | 7.2 | HIGH Network | dolibarr | dolibarr_erp\/crm | Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename fo… | CWE-88 Argument Injection | CVE-2020-35136 | 2024-11-21 14:26 | 2020-12-24 |
| 198606 | 8.8 | HIGH Network | phpgurukul | online_marriage_registration_system | The POST parameter "searchdata" in the user/search.php request of Online Marriage Registration System 1.0 is vulnerable to time-based SQL injection. | CWE-89 SQL Injection | CVE-2020-35151 | 2024-11-21 14:26 | 2020-12-22 |
| 198607 | 5.3 | MEDIUM Network | hashicorp | vault | HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. | CWE-209 Information Exposure Through an Error Message | CVE-2020-35177 | 2024-11-21 14:26 | 2020-12-17 |
| 198608 | 6.5 | MEDIUM Network | zimbra | collaboration | In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has… | CWE-611 XXE | CVE-2020-35123 | 2024-11-21 14:26 | 2020-12-17 |
| 198609 | 9.8 | CRITICAL Network | docker | memcached_docker_image | The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the … | CWE-306 Missing Authentication for Critical Function | CVE-2020-35197 | 2024-11-21 14:26 | 2020-12-17 |
| 198610 | 9.8 | CRITICAL Network | docker | rabbitmq_docker_image | The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected … | CWE-306 Missing Authentication for Critical Function | CVE-2020-35196 | 2024-11-21 14:26 | 2020-12-17 |