|
210531
|
7.5 |
HIGH
Network
|
prismjs
|
previewers
|
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15138
|
2024-11-21 14:04 |
2020-08-8 |
|
|
|
|
210532
|
7.7 |
HIGH
Network
|
redhat fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoin…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2020-15114
|
2024-11-21 14:04 |
2020-08-7 |
|
|
|
|
210533
|
6.5 |
MEDIUM
Network
|
redhat fedoraproject
|
etcd fedora
|
In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on e…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15136
|
2024-11-21 14:04 |
2020-08-7 |
|
|
|
|
210534
|
7.5 |
HIGH
Network
|
redhat fedoraproject
|
etcd fedora
|
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess …
|
-
|
CVE-2020-15115
|
2024-11-21 14:04 |
2020-08-7 |
|
|
|
|
210535
|
5.3 |
MEDIUM
Network
|
sulu
|
sulu
|
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-15132
|
2024-11-21 14:04 |
2020-08-6 |
|
|
|
|
210536
|
7.5 |
HIGH
Network
|
projectcontour
|
contour
|
In Contour (Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15127
|
2024-11-21 14:04 |
2020-08-6 |
|
|
|
|
210537
|
7.1 |
HIGH
Local
|
etcd fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS con…
|
-
|
CVE-2020-15113
|
2024-11-21 14:04 |
2020-08-6 |
|
|
|
|
210538
|
6.5 |
MEDIUM
Network
|
etcd fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are b…
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-15112
|
2024-11-21 14:04 |
2020-08-6 |
|
|
|
|
210539
|
6.5 |
MEDIUM
Network
|
etcd fedoraproject
|
etcd fedora
|
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on …
|
NVD-CWE-Other
|
CVE-2020-15106
|
2024-11-21 14:04 |
2020-08-6 |
|
|
|
|
210540
|
5.3 |
MEDIUM
Network
|
nebulab
|
solidus
|
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request…
|
CWE-862
Missing Authorization
|
CVE-2020-15109
|
2024-11-21 14:04 |
2020-08-5 |
|
|
|