|
197921
|
7.5 |
HIGH
Network
|
electriccoin
|
zcashd
|
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block head…
|
CWE-863
Incorrect Authorization
|
CVE-2020-8806
|
2024-11-21 14:39 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197922
|
3.5 |
LOW
Adjacent
|
netapp
|
clustered_data_ontap
|
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) …
|
NVD-CWE-noinfo
|
CVE-2020-8589
|
2024-11-21 14:39 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197923
|
3.5 |
LOW
Adjacent
|
netapp
|
clustered_data_ontap
|
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Mach…
|
NVD-CWE-noinfo
|
CVE-2020-8588
|
2024-11-21 14:39 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197924
|
7.8 |
HIGH
Local
|
intel
|
bios
|
Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-8672
|
2024-11-21 14:39 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197925
|
6.7 |
MEDIUM
Local
|
intel
|
m10jnp2sb_firmware
|
Improper input validation in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.
|
CWE-20
Improper Input Validation
|
CVE-2020-8734
|
2024-11-21 14:39 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197926
|
5.5 |
MEDIUM
Local
|
netapp
|
oncommand_unified_manager
|
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).
|
CWE-59
Link Following
|
CVE-2020-8585
|
2024-11-21 14:39 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197927
|
9.1 |
CRITICAL
Network
|
kubernetes
|
java
|
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a malic…
|
CWE-22
Path Traversal
|
CVE-2020-8570
|
2024-11-21 14:39 |
2021-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197928
|
6.5 |
MEDIUM
Network
|
kubernetes
|
container_storage_interface_snapshotter
|
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim a…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-8569
|
2024-11-21 14:39 |
2021-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197929
|
6.5 |
MEDIUM
Network
|
kubernetes
|
secrets_store_csi_driver
|
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem an…
|
CWE-22
Path Traversal
|
CVE-2020-8568
|
2024-11-21 14:39 |
2021-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197930
|
6.5 |
MEDIUM
Network
|
google
hashicorp
microsoft
|
secret_manager_provider_for_secret_store_csi_driver
vault_provider_for_secrets_store_csi_driver
azure_key_vault_provider_for_secrets_store_csi_driver
|
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass …
|
CWE-22
Path Traversal
|
CVE-2020-8567
|
2024-11-21 14:39 |
2021-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
