|
214061
|
6.1 |
MEDIUM
Network
|
netgate
|
pfsense
|
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is n…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10797
|
2024-11-21 13:56 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214062
|
8.6 |
HIGH
Network
|
simpleledger
|
electron-cash-slp
|
Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token creators that use the "Mint Tool" feature of the Electron Cash SLP Edition are at risk of sending the minting authority baton to …
|
NVD-CWE-noinfo
|
CVE-2020-11014
|
2024-11-21 13:56 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214063
|
5.4 |
MEDIUM
Network
|
hashicorp
|
nomad
|
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. F…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10944
|
2024-11-21 13:56 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214064
|
6.5 |
MEDIUM
Network
|
percona
|
xtrabackup
|
Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is p…
|
CWE-200
Information Exposure
|
CVE-2020-10997
|
2024-11-21 13:56 |
2020-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214065
|
8.1 |
HIGH
Network
|
percona
|
xtradb_cluster
|
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
|
CWE-798
CWE-838
Use of Hard-coded Credentials
Inappropriate Encoding for Output Context
|
CVE-2020-10996
|
2024-11-21 13:56 |
2020-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214066
|
7.5 |
HIGH
Network
|
admidio
|
admidio
|
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging i…
|
CWE-89
SQL Injection
|
CVE-2020-11004
|
2024-11-21 13:56 |
2020-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214067
|
5.0 |
MEDIUM
Network
|
helm
|
helm
|
Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the…
|
CWE-200
Information Exposure
|
CVE-2020-11013
|
2024-11-21 13:56 |
2020-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214068
|
7.5 |
HIGH
Network
|
minio
|
minio
|
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating …
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-11012
|
2024-11-21 13:56 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214069
|
9.8 |
CRITICAL
Network
|
veeam
|
one
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specifi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10915
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214070
|
9.8 |
CRITICAL
Network
|
veeam
|
one
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specifi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10914
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
