|
197191
|
3.5 |
LOW
Adjacent
|
google
|
gerrit
|
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the defau…
|
CWE-863
Incorrect Authorization
|
CVE-2020-8919
|
2024-11-21 14:39 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197192
|
5.5 |
MEDIUM
Local
|
kubernetes
|
kubernetes
|
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during p…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-8566
|
2024-11-21 14:39 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197193
|
5.5 |
MEDIUM
Local
|
kubernetes
|
kubernetes
|
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. Thi…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-8565
|
2024-11-21 14:39 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197194
|
5.5 |
MEDIUM
Local
|
kubernetes
|
kubernetes
|
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secret…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-8564
|
2024-11-21 14:39 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197195
|
5.5 |
MEDIUM
Local
|
kubernetes
|
kubernetes
|
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-8563
|
2024-11-21 14:39 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197196
|
5.3 |
MEDIUM
Adjacent
|
johnsoncontrols
|
c-cure_web
victor_web
|
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own J…
|
CWE-287
Improper Authentication
|
CVE-2020-9049
|
2024-11-21 14:39 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197197
|
8.1 |
HIGH
Network
|
amazon
|
aws_encryption_sdk
|
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers suc…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-8897
|
2024-11-21 14:39 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197198
|
7.5 |
HIGH
Network
|
netapp
|
hci
element_os
|
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmis…
|
NVD-CWE-noinfo
|
CVE-2020-8583
|
2024-11-21 14:39 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197199
|
6.5 |
MEDIUM
Network
|
netapp
|
hci
element_os
|
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.
|
NVD-CWE-noinfo
|
CVE-2020-8582
|
2024-11-21 14:39 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197200
|
6.5 |
MEDIUM
Network
|
intel
|
data_center_manager
|
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.
|
CWE-20
Improper Input Validation
|
CVE-2020-8669
|
2024-11-21 14:39 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
