Search Results (362815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-35203 1 Quest 1 Policy Authority For Unified Communications 2024-11-21 6.1 Medium
Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-35202 1 Igniterealtime 1 Openfire 2024-11-21 5.4 Medium
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
CVE-2020-35201 1 Igniterealtime 1 Openfire 2024-11-21 5.4 Medium
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
CVE-2020-35200 1 Igniterealtime 1 Openfire 2024-11-21 6.1 Medium
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
CVE-2020-35199 1 Igniterealtime 1 Openfire 2024-11-21 5.4 Medium
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
CVE-2020-35198 2 Oracle, Windriver 2 Communications Eagle, Vxworks 2024-11-21 9.8 Critical
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
CVE-2020-35197 1 Docker 1 Memcached Docker Image 2024-11-21 9.8 Critical
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35196 1 Docker 1 Rabbitmq Docker Image 2024-11-21 9.8 Critical
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35195 1 Docker 1 Haproxy Docker Image 2024-11-21 9.8 Critical
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35193 1 Sonarsource 1 Sonarqube Docker Image 2024-11-21 9.8 Critical
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35192 1 Hashicorp 1 Vault 2024-11-21 9.8 Critical
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35191 1 Drupal 1 Drupal Docker Images 2024-11-21 9.8 Critical
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35190 1 Plone 1 Plone 2024-11-21 9.8 Critical
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35189 1 Kong 1 Kong Alpine Docker Image 2024-11-21 9.8 Critical
The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35187 1 Influxdata 1 Telegraf 2024-11-21 9.8 Critical
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35186 1 Docker 1 Adminer 2024-11-21 9.8 Critical
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35185 1 Docker 1 Ghost Alpine Docker Image 2024-11-21 9.8 Critical
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35184 1 Docker 1 Composer Docker Image 2024-11-21 9.8 Critical
The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35177 1 Hashicorp 1 Vault 2024-11-21 5.3 Medium
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
CVE-2020-35176 3 Awstats, Debian, Fedoraproject 3 Awstats, Debian Linux, Fedora 2024-11-21 5.3 Medium
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.