Export limit exceeded: 364697 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364697 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35202 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 5.4 Medium |
| Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS. | ||||
| CVE-2020-35201 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 5.4 Medium |
| Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS. | ||||
| CVE-2020-35200 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 6.1 Medium |
| Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS. | ||||
| CVE-2020-35199 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 5.4 Medium |
| Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS. | ||||
| CVE-2020-35198 | 2 Oracle, Windriver | 2 Communications Eagle, Vxworks | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. | ||||
| CVE-2020-35197 | 1 Docker | 1 Memcached Docker Image | 2024-11-21 | 9.8 Critical |
| The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35196 | 1 Docker | 1 Rabbitmq Docker Image | 2024-11-21 | 9.8 Critical |
| The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35195 | 1 Docker | 1 Haproxy Docker Image | 2024-11-21 | 9.8 Critical |
| The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35193 | 1 Sonarsource | 1 Sonarqube Docker Image | 2024-11-21 | 9.8 Critical |
| The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35192 | 1 Hashicorp | 1 Vault | 2024-11-21 | 9.8 Critical |
| The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35191 | 1 Drupal | 1 Drupal Docker Images | 2024-11-21 | 9.8 Critical |
| The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35190 | 1 Plone | 1 Plone | 2024-11-21 | 9.8 Critical |
| The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35189 | 1 Kong | 1 Kong Alpine Docker Image | 2024-11-21 | 9.8 Critical |
| The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35187 | 1 Influxdata | 1 Telegraf | 2024-11-21 | 9.8 Critical |
| The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35186 | 1 Docker | 1 Adminer | 2024-11-21 | 9.8 Critical |
| The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35185 | 1 Docker | 1 Ghost Alpine Docker Image | 2024-11-21 | 9.8 Critical |
| The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35184 | 1 Docker | 1 Composer Docker Image | 2024-11-21 | 9.8 Critical |
| The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-35177 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.3 Medium |
| HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. | ||||
| CVE-2020-35176 | 3 Awstats, Debian, Fedoraproject | 3 Awstats, Debian Linux, Fedora | 2024-11-21 | 5.3 Medium |
| In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. | ||||
| CVE-2020-35175 | 1 Frappe | 1 Frappe | 2024-11-21 | 5.3 Medium |
| Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API. | ||||