|
209401
|
6.5 |
MEDIUM
Adjacent
|
tp-link
|
tl-ps310u_firmware
|
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-15057
|
2024-11-21 14:04 |
2020-08-8 |
|
209402
|
4.3 |
MEDIUM
Adjacent
|
tp-link
|
tl-ps310u_firmware
|
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted se…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15056
|
2024-11-21 14:04 |
2020-08-8 |
|
209403
|
8.8 |
HIGH
Adjacent
|
tp-link
|
tl-ps310u_firmware
|
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
|
CWE-287
Improper Authentication
|
CVE-2020-15055
|
2024-11-21 14:04 |
2020-08-8 |
|
209404
|
8.8 |
HIGH
Adjacent
|
tp-link
|
tl-ps310u_firmware
|
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unenc…
|
CWE-319 CWE-522
Cleartext Transmission of Sensitive Information; Insufficiently Protected Credentials
|
CVE-2020-15054
|
2024-11-21 14:04 |
2020-08-8 |
|
209405
|
7.5 |
HIGH
Network
|
prismjs
|
previewers
|
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15138
|
2024-11-21 14:04 |
2020-08-8 |
|
209406
|
7.7 |
HIGH
Network
|
redhat fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoin…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2020-15114
|
2024-11-21 14:04 |
2020-08-7 |
|
209407
|
6.5 |
MEDIUM
Network
|
redhat fedoraproject
|
etcd fedora
|
In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on e…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15136
|
2024-11-21 14:04 |
2020-08-7 |
|
209408
|
7.5 |
HIGH
Network
|
redhat fedoraproject
|
etcd fedora
|
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess …
|
-
|
CVE-2020-15115
|
2024-11-21 14:04 |
2020-08-7 |
|
209409
|
5.3 |
MEDIUM
Network
|
sulu
|
sulu
|
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-15132
|
2024-11-21 14:04 |
2020-08-6 |
|
209410
|
7.5 |
HIGH
Network
|
projectcontour
|
contour
|
In Contour (Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15127
|
2024-11-21 14:04 |
2020-08-6 |