|
200161
|
10.0 |
CRITICAL
Network
|
rocklobster
|
contact_form_7
|
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35489
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200162
|
5.3 |
MEDIUM
Network
|
hashicorp
|
vault
|
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
|
NVD-CWE-noinfo
|
CVE-2020-35453
|
2024-11-21 14:27 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200163
|
9.8 |
CRITICAL
Network
|
opentsdb
|
opentsdb
|
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is…
|
CWE-78
OS Command
|
CVE-2020-35476
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200164
|
9.8 |
CRITICAL
Network
|
softwareag
|
terracotta_server_oss
|
The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remot…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35469
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200165
|
9.8 |
CRITICAL
Network
|
appbase
|
streams
|
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root acces…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35468
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200166
|
9.8 |
CRITICAL
Network
|
docker
|
docs
|
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achie…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35467
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200167
|
9.8 |
CRITICAL
Network
|
blackfire
|
blackfire_docker_image
|
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve r…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35466
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200168
|
9.8 |
CRITICAL
Network
|
weave
|
cloud_agent
|
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacke…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35464
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200169
|
9.8 |
CRITICAL
Network
|
instana
|
dynamic_apm
|
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote att…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35463
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200170
|
9.8 |
CRITICAL
Network
|
coscale_agent_project
|
coscale_agent
|
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to ac…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35462
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
