|
213491
|
8.1 |
HIGH
Network
|
percona
|
xtradb_cluster
|
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
|
CWE-798
CWE-838
Use of Hard-coded Credentials
Inappropriate Encoding for Output Context
|
CVE-2020-10996
|
2024-11-21 13:56 |
2020-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213492
|
7.5 |
HIGH
Network
|
admidio
|
admidio
|
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging i…
|
CWE-89
SQL Injection
|
CVE-2020-11004
|
2024-11-21 13:56 |
2020-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213493
|
5.0 |
MEDIUM
Network
|
helm
|
helm
|
Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the…
|
CWE-200
Information Exposure
|
CVE-2020-11013
|
2024-11-21 13:56 |
2020-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213494
|
7.5 |
HIGH
Network
|
minio
|
minio
|
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating …
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-11012
|
2024-11-21 13:56 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213495
|
9.8 |
CRITICAL
Network
|
veeam
|
one
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specifi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10915
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213496
|
9.8 |
CRITICAL
Network
|
veeam
|
one
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specifi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10914
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213497
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-843
Type Confusion
|
CVE-2020-10913
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213498
|
7.8 |
HIGH
Local
|
foxitsoftware
|
phantompdf
reader
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-843
Type Confusion
|
CVE-2020-10912
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213499
|
7.8 |
HIGH
Local
|
foxitsoftware
|
phantompdf
reader
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-843
Type Confusion
|
CVE-2020-10911
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213500
|
7.8 |
HIGH
Local
|
foxitsoftware
|
phantompdf
reader
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-843
Type Confusion
|
CVE-2020-10910
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
