|
199621
|
6.1 |
MEDIUM
Network
|
group-office
|
group_office
|
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35419
|
2024-11-21 14:27 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199622
|
5.4 |
MEDIUM
Network
|
group-office
|
group_office
|
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35418
|
2024-11-21 14:27 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199623
|
9.8 |
CRITICAL
Network
|
conquest_dicom_server_project
|
conquest_dicom_server
|
CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code.
|
NVD-CWE-noinfo
|
CVE-2020-35308
|
2024-11-21 14:27 |
2021-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199624
|
5.3 |
MEDIUM
Network
|
redhat
|
389_directory_server
enterprise_linux
directory_server
|
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of a…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-35518
|
2024-11-21 14:27 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199625
|
4.5 |
MEDIUM
Local
|
linux
redhat
netapp
|
linux_kernel
enterprise_linux
a700s_firmware
brocade_fabric_operating_system_firmware
fas8300_firmware
fas8700_firmware
aff_a400_firmware
h300s_firmware
h500s_firmware
h700…
|
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local…
|
-
|
CVE-2020-35508
|
2024-11-21 14:27 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199626
|
7.5 |
HIGH
Network
|
privoxy
|
privoxy
|
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
|
-
|
CVE-2020-35502
|
2024-11-21 14:27 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199627
|
9.8 |
CRITICAL
Network
|
thinksaas
|
thinksaas
|
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
|
CWE-89
SQL Injection
|
CVE-2020-35337
|
2024-11-21 14:27 |
2021-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199628
|
7.8 |
HIGH
Local
|
cairographics
|
cairo
|
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convinci…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-35492
|
2024-11-21 14:27 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199629
|
5.5 |
MEDIUM
Local
|
taidii
|
diibear
|
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-35456
|
2024-11-21 14:27 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199630
|
7.8 |
HIGH
Local
|
taidii
|
diibear
|
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-35455
|
2024-11-21 14:27 |
2021-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
