|
198491
|
9.8 |
CRITICAL
Network
|
wondercms
|
wondercms
|
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL t…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-35313
|
2024-11-21 14:27 |
2021-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198492
|
5.4 |
MEDIUM
Network
|
monicahq
|
monica
|
Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35660
|
2024-11-21 14:27 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198493
|
6.1 |
MEDIUM
Network
|
group-office
|
group_office
|
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35419
|
2024-11-21 14:27 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198494
|
5.4 |
MEDIUM
Network
|
group-office
|
group_office
|
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35418
|
2024-11-21 14:27 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198495
|
9.8 |
CRITICAL
Network
|
conquest_dicom_server_project
|
conquest_dicom_server
|
CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code.
|
NVD-CWE-noinfo
|
CVE-2020-35308
|
2024-11-21 14:27 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198496
|
5.3 |
MEDIUM
Network
|
redhat
|
389_directory_server
enterprise_linux
directory_server
|
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of a…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-35518
|
2024-11-21 14:27 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198497
|
4.5 |
MEDIUM
Local
|
linux
redhat
netapp
|
linux_kernel
enterprise_linux
a700s_firmware
brocade_fabric_operating_system_firmware
fas8300_firmware
fas8700_firmware
aff_a400_firmware
h300s_firmware
h500s_firmware
h700…
|
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local…
|
-
|
CVE-2020-35508
|
2024-11-21 14:27 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198498
|
7.5 |
HIGH
Network
|
privoxy
|
privoxy
|
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
|
-
|
CVE-2020-35502
|
2024-11-21 14:27 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198499
|
9.8 |
CRITICAL
Network
|
thinksaas
|
thinksaas
|
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
|
CWE-89
SQL Injection
|
CVE-2020-35337
|
2024-11-21 14:27 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198500
|
7.8 |
HIGH
Local
|
cairographics
|
cairo
|
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convinci…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-35492
|
2024-11-21 14:27 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
