|
199511
|
9.8 |
CRITICAL
Network
|
hashicorp
|
consul_docker_image
|
The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. System using the Consul Docker container deployed by affected versions of the Docker image may allow a …
|
NVD-CWE-Other
|
CVE-2020-29564
|
2024-11-21 14:24 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199512
|
9.8 |
CRITICAL
Network
|
matomo
|
piwik_fpm-alpine_docker_image
|
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker ima…
|
NVD-CWE-Other
|
CVE-2020-29578
|
2024-11-21 14:24 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199513
|
7.5 |
HIGH
Network
|
systransoft
|
pure_neural_server
|
API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount o…
|
NVD-CWE-noinfo
|
CVE-2020-29540
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199514
|
5.4 |
MEDIUM
Network
|
systransoft
|
pure_neural_server
|
A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29539
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199515
|
9.8 |
CRITICAL
Network
|
awstats
debian
fedoraproject
|
awstats
debian_linux
fedora
|
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists becau…
|
CWE-22
Path Traversal
|
CVE-2020-29600
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199516
|
7.8 |
HIGH
Local
|
imagemagick
debian
|
imagemagick
debian_linux
|
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not prope…
|
CWE-91
Blind XPath Injection
|
CVE-2020-29599
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199517
|
9.8 |
CRITICAL
Network
|
incomcms_project
|
incomcms
|
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29597
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199518
|
9.8 |
CRITICAL
Network
|
acdsee
|
photo_studio_2021
|
PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa.
|
NVD-CWE-noinfo
|
CVE-2020-29595
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199519
|
7.5 |
HIGH
Network
|
gnu
redhat
netapp
|
glibc
enterprise_linux
cloud_backup
solidfire_baseboard_management_controller
|
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29573
|
2024-11-21 14:24 |
2020-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199520
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29572
|
2024-11-21 14:24 |
2020-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
