|
212941
|
6.1 |
MEDIUM
Network
|
jquery
debian
fedoraproject
drupal
oracle
netapp
tenable
|
jquery
debian_linux
fedora
drupal
weblogic_server
hyperion_financial_reporting
webcenter_sites
application_testing_suite
communications_operations_monitor
communications_in…
|
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation m…
|
-
|
CVE-2020-11023
|
2024-11-21 13:56 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212942
|
7.5 |
HIGH
Network
|
http-client_project
|
http-client
|
Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if c…
|
NVD-CWE-noinfo
|
CVE-2020-11021
|
2024-11-21 13:56 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212943
|
6.5 |
MEDIUM
Network
|
pagerduty
|
rundeck
|
In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-11009
|
2024-11-21 13:56 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212944
|
6.1 |
MEDIUM
Network
|
netgate
|
pfsense
|
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is n…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10797
|
2024-11-21 13:56 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212945
|
8.6 |
HIGH
Network
|
simpleledger
|
electron-cash-slp
|
Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token creators that use the "Mint Tool" feature of the Electron Cash SLP Edition are at risk of sending the minting authority baton to …
|
NVD-CWE-noinfo
|
CVE-2020-11014
|
2024-11-21 13:56 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212946
|
5.4 |
MEDIUM
Network
|
hashicorp
|
nomad
|
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. F…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10944
|
2024-11-21 13:56 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212947
|
6.5 |
MEDIUM
Network
|
percona
|
xtrabackup
|
Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is p…
|
CWE-200
Information Exposure
|
CVE-2020-10997
|
2024-11-21 13:56 |
2020-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212948
|
8.1 |
HIGH
Network
|
percona
|
xtradb_cluster
|
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
|
CWE-798
CWE-838
Use of Hard-coded Credentials
Inappropriate Encoding for Output Context
|
CVE-2020-10996
|
2024-11-21 13:56 |
2020-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212949
|
7.5 |
HIGH
Network
|
admidio
|
admidio
|
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging i…
|
CWE-89
SQL Injection
|
CVE-2020-11004
|
2024-11-21 13:56 |
2020-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212950
|
5.0 |
MEDIUM
Network
|
helm
|
helm
|
Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the…
|
CWE-200
Information Exposure
|
CVE-2020-11013
|
2024-11-21 13:56 |
2020-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
