|
211131
|
5.4 |
MEDIUM
Network
|
redhat
|
keycloak
single_sign-on
|
It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authe…
|
CWE-79
Cross-site Scripting
|
CVE-2020-1697
|
2024-11-21 14:11 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211132
|
7.0 |
HIGH
Local
|
redhat
|
openshift_container_platform
|
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them mo…
|
-
|
CVE-2020-1708
|
2024-11-21 14:11 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211133
|
6.5 |
MEDIUM
Network
|
ceph
redhat
opensuse
canonical
|
ceph
openshift_container_storage
leap
ubuntu_linux
|
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-1700
|
2024-11-21 14:11 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211134
|
5.4 |
MEDIUM
Network
|
otrs
|
otrs
|
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-1768
|
2024-11-21 14:11 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211135
|
8.1 |
HIGH
Network
|
apache
|
spamassassin
|
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. Th…
|
CWE-78
OS Command
|
CVE-2020-1931
|
2024-11-21 14:11 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211136
|
8.1 |
HIGH
Network
|
apache
|
spamassassin
|
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-1180…
|
CWE-78
OS Command
|
CVE-2020-1930
|
2024-11-21 14:11 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211137
|
7.5 |
HIGH
Network
|
apache
|
jackrabbit_oak
|
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2020-1940
|
2024-11-21 14:11 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211138
|
6.1 |
MEDIUM
Network
|
apache
|
nifi
|
A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in othe…
|
CWE-79
Cross-site Scripting
|
CVE-2020-1933
|
2024-11-21 14:11 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211139
|
6.5 |
MEDIUM
Network
|
apache
|
superset
|
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed pa…
|
NVD-CWE-noinfo
|
CVE-2020-1932
|
2024-11-21 14:11 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211140
|
5.3 |
MEDIUM
Network
|
apache
|
nifi
|
An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a s…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-1928
|
2024-11-21 14:11 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
