|
198531
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35571
|
2024-11-21 14:27 |
2021-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198532
|
7.5 |
HIGH
Network
|
acronis
|
cyber_protect
|
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.
|
NVD-CWE-noinfo
|
CVE-2020-35556
|
2024-11-21 14:27 |
2021-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198533
|
7.4 |
HIGH
Network
|
djangoproject
|
channels
|
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type reques…
|
CWE-200
Information Exposure
|
CVE-2020-35681
|
2024-11-21 14:27 |
2021-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198534
|
6.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when usin…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-35499
|
2024-11-21 14:27 |
2021-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198535
|
5.4 |
MEDIUM
Network
|
pi-hole
|
pi-hole
|
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35592
|
2024-11-21 14:27 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198536
|
5.4 |
MEDIUM
Network
|
pi-hole
|
pi-hole
|
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value …
|
CWE-384
Session Fixation
|
CVE-2020-35591
|
2024-11-21 14:27 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198537
|
6.5 |
MEDIUM
Network
|
endalia
|
selection_portal
|
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file …
|
NVD-CWE-Other
|
CVE-2020-35577
|
2024-11-21 14:27 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198538
|
9.8 |
CRITICAL
Network
|
74cms
|
74cms
|
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server…
|
CWE-94
Code Injection
|
CVE-2020-35339
|
2024-11-21 14:27 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198539
|
5.3 |
MEDIUM
Network
|
mbconnectline
helmholz
|
mbconnect24
mymbconnect24
myrex24.virtual
myrex24
|
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have be…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2020-35570
|
2024-11-21 14:27 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198540
|
6.1 |
MEDIUM
Network
|
mbconnectline
|
mbconnect24
mymbconnect24
|
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35569
|
2024-11-21 14:27 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
