|
199051
|
9.8 |
CRITICAL
Network
|
dell
oracle
|
bsafe_crypto-c-micro-edition
bsafe_micro-edition-suite
http_server
security_service
database
weblogic_server_proxy_plug-in
|
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-35163
|
2024-11-21 14:26 |
2022-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199052
|
7.5 |
HIGH
Network
|
atomix
|
atomix
|
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.
|
NVD-CWE-noinfo
|
CVE-2020-35209
|
2024-11-21 14:26 |
2021-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199053
|
6.1 |
MEDIUM
Network
|
pixelite
|
events_manager
|
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues
|
-
|
CVE-2020-35037
|
2024-11-21 14:26 |
2021-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199054
|
7.2 |
HIGH
Network
|
pixelite
|
events_manager
|
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
|
-
|
CVE-2020-35012
|
2024-11-21 14:26 |
2021-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199055
|
9.8 |
CRITICAL
Network
|
windriver
oracle
|
vxworks
communications_eagle
|
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-35198
|
2024-11-21 14:26 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199056
|
9.8 |
CRITICAL
Network
|
mobileiron
|
mobile\@work
|
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demo…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-35138
|
2024-11-21 14:26 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199057
|
7.5 |
HIGH
Network
|
mobileiron
|
mobile\@work
|
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiro…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-35137
|
2024-11-21 14:26 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199058
|
9.6 |
CRITICAL
Network
|
acquia
|
mautic
|
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35125
|
2024-11-21 14:26 |
2021-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199059
|
7.8 |
HIGH
Local
|
cloudflare
|
warp
|
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-35152
|
2024-11-21 14:26 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199060
|
7.8 |
HIGH
Local
|
acronis
|
true_image
|
Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-35145
|
2024-11-21 14:26 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
