|
209471
|
5.3 |
MEDIUM
Network
|
redhat
|
389_directory_server
enterprise_linux
directory_server
|
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of a…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-35518
|
2024-11-21 14:27 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209472
|
4.5 |
MEDIUM
Local
|
linux
redhat
netapp
|
linux_kernel
enterprise_linux
a700s_firmware
brocade_fabric_operating_system_firmware
fas8300_firmware
fas8700_firmware
aff_a400_firmware
h300s_firmware
h500s_firmware
h700…
|
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local…
|
-
|
CVE-2020-35508
|
2024-11-21 14:27 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209473
|
7.5 |
HIGH
Network
|
privoxy
|
privoxy
|
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
|
-
|
CVE-2020-35502
|
2024-11-21 14:27 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209474
|
9.8 |
CRITICAL
Network
|
thinksaas
|
thinksaas
|
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
|
CWE-89
SQL Injection
|
CVE-2020-35337
|
2024-11-21 14:27 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209475
|
7.8 |
HIGH
Local
|
cairographics
|
cairo
|
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convinci…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-35492
|
2024-11-21 14:27 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209476
|
5.5 |
MEDIUM
Local
|
taidii
|
diibear
|
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-35456
|
2024-11-21 14:27 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209477
|
7.8 |
HIGH
Local
|
taidii
|
diibear
|
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-35455
|
2024-11-21 14:27 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209478
|
6.8 |
MEDIUM
Physics
|
taidii
|
diibear
|
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-35454
|
2024-11-21 14:27 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209479
|
9.8 |
CRITICAL
Network
|
domainmod
|
domainmod
|
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or …
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-35358
|
2024-11-21 14:27 |
2021-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209480
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_servicedesk_plus
|
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
|
CWE-863
Incorrect Authorization
|
CVE-2020-35682
|
2024-11-21 14:27 |
2021-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
