|
211291
|
7.5 |
HIGH
Network
|
redhat fedoraproject
|
etcd fedora
|
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess …
|
-
|
CVE-2020-15115
|
2024-11-21 14:04 |
2020-08-7 |
|
211292
|
5.3 |
MEDIUM
Network
|
sulu
|
sulu
|
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-15132
|
2024-11-21 14:04 |
2020-08-6 |
|
211293
|
7.5 |
HIGH
Network
|
projectcontour
|
contour
|
In Contour (Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15127
|
2024-11-21 14:04 |
2020-08-6 |
|
211294
|
7.1 |
HIGH
Local
|
etcd fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS con…
|
-
|
CVE-2020-15113
|
2024-11-21 14:04 |
2020-08-6 |
|
211295
|
6.5 |
MEDIUM
Network
|
etcd fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are b…
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-15112
|
2024-11-21 14:04 |
2020-08-6 |
|
211296
|
6.5 |
MEDIUM
Network
|
etcd fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on …
|
NVD-CWE-Other
|
CVE-2020-15106
|
2024-11-21 14:04 |
2020-08-6 |
|
211297
|
5.3 |
MEDIUM
Network
|
nebulab
|
solidus
|
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request…
|
CWE-862
Missing Authorization
|
CVE-2020-15109
|
2024-11-21 14:04 |
2020-08-5 |
|
211298
|
7.6 |
HIGH
Network
|
save-server_project
|
save-server
|
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version 1.05 unintentionally breaks uplo…
|
CWE-352
Origin Validation Error
|
CVE-2020-15135
|
2024-11-21 14:04 |
2020-08-5 |
|
211299
|
8.7 |
HIGH
Network
|
faye_project
|
faye
|
In Faye before version 1.4.0, there is a lack of certificate validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15134
|
2024-11-21 14:04 |
2020-08-1 |
|
211300
|
8.7 |
HIGH
Network
|
faye-websocket_project
|
faye-websocket
|
In faye-websocket before version 0.11.0, there is a lack of certificate validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15133
|
2024-11-21 14:04 |
2020-08-1 |