|
199341
|
9.8 |
CRITICAL
Network
|
eggheads
|
eggdrop_docker_image
|
The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an …
|
NVD-CWE-Other
|
CVE-2020-29576
|
2024-11-21 14:24 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199342
|
9.8 |
CRITICAL
Network
|
docker
|
elixir_alpine_docker_image
|
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the …
|
NVD-CWE-Other
|
CVE-2020-29575
|
2024-11-21 14:24 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199343
|
9.8 |
CRITICAL
Network
|
hashicorp
|
consul_docker_image
|
The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. System using the Consul Docker container deployed by affected versions of the Docker image may allow a …
|
NVD-CWE-Other
|
CVE-2020-29564
|
2024-11-21 14:24 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199344
|
9.8 |
CRITICAL
Network
|
matomo
|
piwik_fpm-alpine_docker_image
|
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker ima…
|
NVD-CWE-Other
|
CVE-2020-29578
|
2024-11-21 14:24 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199345
|
7.5 |
HIGH
Network
|
systransoft
|
pure_neural_server
|
API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount o…
|
NVD-CWE-noinfo
|
CVE-2020-29540
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199346
|
5.4 |
MEDIUM
Network
|
systransoft
|
pure_neural_server
|
A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29539
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199347
|
9.8 |
CRITICAL
Network
|
awstats
debian
fedoraproject
|
awstats
debian_linux
fedora
|
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists becau…
|
CWE-22
Path Traversal
|
CVE-2020-29600
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199348
|
7.8 |
HIGH
Local
|
imagemagick
debian
|
imagemagick
debian_linux
|
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not prope…
|
CWE-91
Blind XPath Injection
|
CVE-2020-29599
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199349
|
9.8 |
CRITICAL
Network
|
incomcms_project
|
incomcms
|
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29597
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199350
|
9.8 |
CRITICAL
Network
|
acdsee
|
photo_studio_2021
|
PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa.
|
NVD-CWE-noinfo
|
CVE-2020-29595
|
2024-11-21 14:24 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
