|
209001
|
9.8 |
CRITICAL
Network
|
blackfire
|
blackfire_docker_image
|
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve r…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35466
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209002
|
9.8 |
CRITICAL
Network
|
weave
|
cloud_agent
|
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacke…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35464
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209003
|
9.8 |
CRITICAL
Network
|
instana
|
dynamic_apm
|
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote att…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35463
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209004
|
9.8 |
CRITICAL
Network
|
coscale_agent_project
|
coscale_agent
|
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to ac…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35462
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209005
|
6.1 |
MEDIUM
Network
|
onlineonly
|
phpjabbers_appointment_scheduler
|
Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35416
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209006
|
7.5 |
HIGH
Network
|
jsonparser_project
fedoraproject
|
jsonparser
fedora
|
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.
|
NVD-CWE-noinfo
|
CVE-2020-35381
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209007
|
7.5 |
HIGH
Network
|
gjson_project
|
gjson
|
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.
|
NVD-CWE-noinfo
|
CVE-2020-35380
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209008
|
6.1 |
MEDIUM
Network
|
egavilanmedia
|
barcodes_generator
|
EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35396
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209009
|
6.1 |
MEDIUM
Network
|
egavilanmedia
|
expense_management_system
|
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field
|
CWE-79
Cross-site Scripting
|
CVE-2020-35395
|
2024-11-21 14:27 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209010
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
|
NVD-CWE-noinfo
|
CVE-2020-35471
|
2024-11-21 14:27 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
