Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29604 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2024-11-21 | 6.5 Medium |
| An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information. | ||||
| CVE-2020-29603 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2024-11-21 | 4.3 Medium |
| In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. | ||||
| CVE-2020-29602 | 1 Irssi | 1 Docker Image | 2024-11-21 | 9.8 Critical |
| The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29601 | 1 Docker | 1 Notary Docker Image | 2024-11-21 | 9.8 Critical |
| The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29600 | 3 Awstats, Debian, Fedoraproject | 3 Awstats, Debian Linux, Fedora | 2024-11-21 | 9.8 Critical |
| In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. | ||||
| CVE-2020-29599 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 7.8 High |
| ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. | ||||
| CVE-2020-29597 | 1 Incomcms Project | 1 Incomcms | 2024-11-21 | 9.8 Critical |
| IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server. | ||||
| CVE-2020-29596 | 1 Miniweb Http Server Project | 1 Miniweb Http Server | 2024-11-21 | 7.5 High |
| MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request. | ||||
| CVE-2020-29595 | 1 Acdsee | 1 Photo Studio 2021 | 2024-11-21 | 9.8 Critical |
| PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa. | ||||
| CVE-2020-29594 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 9.8 Critical |
| Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. | ||||
| CVE-2020-29593 | 1 Orchardproject | 1 Orchard | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display. | ||||
| CVE-2020-29592 | 1 Orchardproject | 1 Orchard | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings). | ||||
| CVE-2020-29591 | 1 Docker | 1 Registry | 2024-11-21 | 9.8 Critical |
| Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29587 | 1 Simplcommerce | 1 Simplcommerce | 2024-11-21 | 5.4 Medium |
| SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html() function to directly append the payload to a dialog. | ||||
| CVE-2020-29581 | 1 Docker | 1 Spiped Alpine Docker Image | 2024-11-21 | 9.8 Critical |
| The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29580 | 1 Docker | 1 Storm Docker Image | 2024-11-21 | 9.8 Critical |
| The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29579 | 1 Express-gateway | 1 Express-gateway Docker Image | 2024-11-21 | 9.8 Critical |
| The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access. | ||||
| CVE-2020-29578 | 1 Matomo | 1 Piwik Fpm-alpine Docker Image | 2024-11-21 | 9.8 Critical |
| The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access. | ||||
| CVE-2020-29577 | 1 Znc | 1 Znc Docker Image | 2024-11-21 | 9.8 Critical |
| The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29576 | 1 Eggheads | 1 Eggdrop Docker Image | 2024-11-21 | 9.8 Critical |
| The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | ||||