|
209001
|
6.5 |
MEDIUM
Network
|
apache
|
pulsar_manager
|
In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.
|
NVD-CWE-noinfo
|
CVE-2020-17520
|
2024-11-21 14:08 |
2020-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209002
|
5.3 |
MEDIUM
Network
|
apache
|
airflow
|
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-17513
|
2024-11-21 14:08 |
2020-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209003
|
6.5 |
MEDIUM
Network
|
apache
|
airflow
|
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection w…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-17511
|
2024-11-21 14:08 |
2020-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209004
|
5.3 |
MEDIUM
Network
|
butok
|
fnet
|
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_pol…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-17470
|
2024-11-21 14:08 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209005
|
7.5 |
HIGH
Network
|
butok
|
fnet
|
An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-17468
|
2024-11-21 14:08 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209006
|
9.1 |
CRITICAL
Network
|
butok
|
fnet
|
An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't ref…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-17467
|
2024-11-21 14:08 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209007
|
7.5 |
HIGH
Network
|
butok
|
fnet
|
An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference …
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-17469
|
2024-11-21 14:08 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209008
|
7.5 |
HIGH
Network
|
altran
|
picotcp
|
An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 destination options does not check for a valid length of the destination options header. This results in an Out-of-Bounds Re…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-17445
|
2024-11-21 14:08 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209009
|
7.5 |
HIGH
Network
|
altran
|
picotcp
|
An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn't check whether the header extension lengt…
|
CWE-20
CWE-190
CWE-835
Improper Input Validation
Integer Overflow or Wraparound
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-17444
|
2024-11-21 14:08 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209010
|
7.5 |
HIGH
Network
|
altran
|
picotcp
|
An issue was discovered in picoTCP 1.7.0. The code for creating an ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-17443
|
2024-11-21 14:08 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
