|
209411
|
7.1 |
HIGH
Local
|
etcd fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS con…
|
-
|
CVE-2020-15113
|
2024-11-21 14:04 |
2020-08-6 |
209412
|
6.5 |
MEDIUM
Network
|
etcd fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are b…
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-15112
|
2024-11-21 14:04 |
2020-08-6 |
209413
|
6.5 |
MEDIUM
Network
|
etcd fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on …
|
NVD-CWE-Other
|
CVE-2020-15106
|
2024-11-21 14:04 |
2020-08-6 |
209414
|
5.3 |
MEDIUM
Network
|
nebulab
|
solidus
|
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request…
|
CWE-862
Missing Authorization
|
CVE-2020-15109
|
2024-11-21 14:04 |
2020-08-5 |
209415
|
7.6 |
HIGH
Network
|
save-server_project
|
save-server
|
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version 1.05 unintentionally breaks uplo…
|
CWE-352
Origin Validation Error
|
CVE-2020-15135
|
2024-11-21 14:04 |
2020-08-5 |
209416
|
8.7 |
HIGH
Network
|
faye_project
|
faye
|
In Faye before version 1.4.0, there is a lack of certificate validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15134
|
2024-11-21 14:04 |
2020-08-1 |
209417
|
8.7 |
HIGH
Network
|
faye-websocket_project
|
faye-websocket
|
In faye-websocket before version 0.11.0, there is a lack of certificate validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15133
|
2024-11-21 14:04 |
2020-08-1 |
209418
|
6.3 |
MEDIUM
Network
|
octobercms
|
october
|
In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other th…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-15128
|
2024-11-21 14:04 |
2020-08-1 |
209419
|
7.5 |
HIGH
Network
|
simpleledger
|
slp-validate
|
In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP w…
|
CWE-697
Incorrect Comparison
|
CVE-2020-15131
|
2024-11-21 14:04 |
2020-07-31 |
209420
|
7.5 |
HIGH
Network
|
simpleledger
|
slpjs
|
In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or oppo…
|
CWE-697
Incorrect Comparison
|
CVE-2020-15130
|
2024-11-21 14:04 |
2020-07-31 |