|
209741
|
9.8 |
CRITICAL
Network
|
agentejo
|
cockpit
|
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON da…
|
CWE-94
Code Injection
|
CVE-2020-35131
|
2024-11-21 14:26 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209742
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
|
Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-35114
|
2024-11-21 14:26 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209743
|
8.8 |
HIGH
Network
|
mozilla
|
firefox_esr
thunderbird
firefox
|
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-35113
|
2024-11-21 14:26 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209744
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox_esr
thunderbird
firefox
|
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a us…
|
NVD-CWE-noinfo
|
CVE-2020-35111
|
2024-11-21 14:26 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209745
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an …
|
NVD-CWE-noinfo
|
CVE-2020-35112
|
2024-11-21 14:26 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209746
|
5.4 |
MEDIUM
Network
|
dell
|
unisphere
powermax_os
|
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scri…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35170
|
2024-11-21 14:26 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209747
|
9.8 |
CRITICAL
Network
|
amaze_file_manager_project
|
amaze_file_manager
|
The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.…
|
NVD-CWE-noinfo
|
CVE-2020-35173
|
2024-11-21 14:26 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209748
|
7.2 |
HIGH
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename fo…
|
CWE-88
Argument Injection
|
CVE-2020-35136
|
2024-11-21 14:26 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209749
|
8.8 |
HIGH
Network
|
phpgurukul
|
online_marriage_registration_system
|
The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection.
|
CWE-89
SQL Injection
|
CVE-2020-35151
|
2024-11-21 14:26 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209750
|
5.3 |
MEDIUM
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-35177
|
2024-11-21 14:26 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
