|
211391
|
5.4 |
MEDIUM
Network
|
hashicorp
|
nomad
|
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. F…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10944
|
2024-11-21 13:56 |
2020-04-28 |
|
211392
|
6.5 |
MEDIUM
Network
|
percona
|
xtrabackup
|
Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is p…
|
CWE-200
Information Exposure
|
CVE-2020-10997
|
2024-11-21 13:56 |
2020-04-27 |
|
211393
|
8.1 |
HIGH
Network
|
percona
|
xtradb_cluster
|
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
|
CWE-798, CWE-838
Use of Hard-coded Credentials; Inappropriate Encoding for Output Context
|
CVE-2020-10996
|
2024-11-21 13:56 |
2020-04-27 |
|
211394
|
7.5 |
HIGH
Network
|
admidio
|
admidio
|
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging i…
|
CWE-89
SQL Injection
|
CVE-2020-11004
|
2024-11-21 13:56 |
2020-04-25 |
|
211395
|
5.0 |
MEDIUM
Network
|
helm
|
helm
|
There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to look up resources in the…
|
CWE-200
Information Exposure
|
CVE-2020-11013
|
2024-11-21 13:56 |
2020-04-25 |
|
211396
|
7.5 |
HIGH
Network
|
minio
|
minio
|
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating …
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-11012
|
2024-11-21 13:56 |
2020-04-24 |
|
211397
|
9.8 |
CRITICAL
Network
|
veeam
|
one
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specifi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10915
|
2024-11-21 13:56 |
2020-04-23 |
|
211398
|
9.8 |
CRITICAL
Network
|
veeam
|
one
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specifi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10914
|
2024-11-21 13:56 |
2020-04-23 |
|
211399
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader phantompdf
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-843
Type Confusion
|
CVE-2020-10913
|
2024-11-21 13:56 |
2020-04-23 |
|
211400
|
7.8 |
HIGH
Local
|
foxitsoftware
|
phantompdf reader
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-843
Type Confusion
|
CVE-2020-10912
|
2024-11-21 13:56 |
2020-04-23 |