| 208941 | 7.5 | HIGH, Network | apache | flink | A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the Jo… | CWE-552 (Files or Directories Accessible to External Parties) | CVE-2020-17519 | 2024-11-21 14:08 | 2021-01-5 |
| 208942 | 7.5 | HIGH, Network | apache | flink | Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be … | CWE-22 (Path Traversal) | CVE-2020-17518 | 2024-11-21 14:08 | 2021-01-5 |
| 208943 | 8.1 | HIGH, Network | apache | accumulo | Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain … | - | CVE-2020-17533 | 2024-11-21 14:08 | 2020-12-29 |
| 208944 | 7.7 | HIGH, Network | apache | airflow | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Air… | NVD-CWE-noinfo | CVE-2020-17526 | 2024-11-21 14:08 | 2020-12-22 |
| 208945 | 6.5 | MEDIUM, Network | apache | pulsar_manager | In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API. | NVD-CWE-noinfo | CVE-2020-17520 | 2024-11-21 14:08 | 2020-12-19 |
| 208946 | 5.3 | MEDIUM, Network | apache | airflow | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2020-17513 | 2024-11-21 14:08 | 2020-12-14 |
| 208947 | 6.5 | MEDIUM, Network | apache | airflow | In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatabase. Same happened when creating a Connection w… | CWE-312 (Cleartext Storage of Sensitive Information) | CVE-2020-17511 | 2024-11-21 14:08 | 2020-12-14 |
| 208948 | 5.3 | MEDIUM, Network | butok | fnet | An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_pol… | CWE-330 (Use of Insufficiently Random Values) | CVE-2020-17470 | 2024-11-21 14:08 | 2020-12-12 |
| 208949 | 7.5 | HIGH, Network | butok | fnet | An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an … | CWE-125 (Out-of-bounds Read) | CVE-2020-17468 | 2024-11-21 14:08 | 2020-12-12 |
| 208950 | 9.1 | CRITICAL, Network | butok | fnet | An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't ref… | CWE-125 (Out-of-bounds Read) | CVE-2020-17467 | 2024-11-21 14:08 | 2020-12-12 |