|
209011
|
8.8 |
HIGH
Adjacent
|
envoyproxy
|
envoy
|
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-prox…
|
NVD-CWE-noinfo
|
CVE-2020-35470
|
2024-11-21 14:27 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209012
|
5.3 |
MEDIUM
Network
|
mpxj
oracle
|
mpxj
primavera_unifier
|
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
|
CWE-22
Path Traversal
|
CVE-2020-35460
|
2024-11-21 14:27 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209013
|
7.8 |
HIGH
Local
|
gnome
|
glib
|
GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue.…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-35457
|
2024-11-21 14:27 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209014
|
9.8 |
CRITICAL
Network
|
mobileviewpoint
|
wireless_multiplex_terminal_playout_server
|
The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon."
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-35338
|
2024-11-21 14:27 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209015
|
7.2 |
HIGH
Network
|
classroombookings
|
classroombookings
|
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.
|
CWE-89
SQL Injection
|
CVE-2020-35382
|
2024-11-21 14:27 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209016
|
9.8 |
CRITICAL
Network
|
online_bus_ticket_reservation_project
|
online_bus_ticket_reservation
|
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.
|
CWE-89
SQL Injection
|
CVE-2020-35378
|
2024-11-21 14:27 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209017
|
5.3 |
MEDIUM
Network
|
amazee
|
lagoon
|
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.
|
NVD-CWE-noinfo
|
CVE-2020-35236
|
2024-11-21 14:27 |
2020-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209018
|
8.8 |
HIGH
Network
|
themexa
|
secure_file_manager
|
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFin…
|
NVD-CWE-noinfo
|
CVE-2020-35235
|
2024-11-21 14:27 |
2020-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209019
|
7.5 |
HIGH
Network
|
wp-ecommerce
|
easy_wp_smtp
|
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ direc…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-35234
|
2024-11-21 14:27 |
2020-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209020
|
- |
|
-
|
-
|
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
|
-
|
CVE-2020-35165
|
2024-11-21 14:26 |
2024-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
