|
212231
|
7.2 |
HIGH
Network
|
barco
|
transform_n
|
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authentica…
|
CWE-77
Command Injection
|
CVE-2020-17503
|
2024-11-21 14:08 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212232
|
7.2 |
HIGH
Network
|
barco
|
transform_n
|
Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow…
|
CWE-77
Command Injection
|
CVE-2020-17502
|
2024-11-21 14:08 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212233
|
9.8 |
CRITICAL
Network
|
barco
|
transform_n
|
Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over ht…
|
CWE-77
Command Injection
|
CVE-2020-17500
|
2024-11-21 14:08 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212234
|
7.5 |
HIGH
Network
|
apache
|
flink
|
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the Jo…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-17519
|
2024-11-21 14:08 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212235
|
7.5 |
HIGH
Network
|
apache
|
flink
|
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be …
|
CWE-22
Path Traversal
|
CVE-2020-17518
|
2024-11-21 14:08 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212236
|
8.1 |
HIGH
Network
|
apache
|
accumulo
|
Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain …
|
-
|
CVE-2020-17533
|
2024-11-21 14:08 |
2020-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212237
|
7.7 |
HIGH
Network
|
apache
|
airflow
|
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Air…
|
NVD-CWE-noinfo
|
CVE-2020-17526
|
2024-11-21 14:08 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212238
|
6.5 |
MEDIUM
Network
|
apache
|
pulsar_manager
|
In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.
|
NVD-CWE-noinfo
|
CVE-2020-17520
|
2024-11-21 14:08 |
2020-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212239
|
5.3 |
MEDIUM
Network
|
apache
|
airflow
|
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-17513
|
2024-11-21 14:08 |
2020-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212240
|
6.5 |
MEDIUM
Network
|
apache
|
airflow
|
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection w…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-17511
|
2024-11-21 14:08 |
2020-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
