|
210541
|
7.6 |
HIGH
Network
|
save-server_project
|
save-server
|
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uplo…
|
CWE-352
Origin Validation Error
|
CVE-2020-15135
|
2024-11-21 14:04 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210542
|
8.7 |
HIGH
Network
|
faye_project
|
faye
|
Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15134
|
2024-11-21 14:04 |
2020-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210543
|
8.7 |
HIGH
Network
|
faye-websocket_project
|
faye-websocket
|
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15133
|
2024-11-21 14:04 |
2020-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210544
|
6.3 |
MEDIUM
Network
|
octobercms
|
october
|
In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other th…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-15128
|
2024-11-21 14:04 |
2020-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210545
|
7.5 |
HIGH
Network
|
simpleledger
|
slp-validate
|
In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP w…
|
CWE-697
Incorrect Comparison
|
CVE-2020-15131
|
2024-11-21 14:04 |
2020-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210546
|
7.5 |
HIGH
Network
|
simpleledger
|
slpjs
|
In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or oppo…
|
CWE-697
Incorrect Comparison
|
CVE-2020-15130
|
2024-11-21 14:04 |
2020-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210547
|
4.7 |
MEDIUM
Network
|
traefik
|
traefik
|
In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard compo…
|
CWE-601
Open Redirect
|
CVE-2020-15129
|
2024-11-21 14:04 |
2020-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210548
|
7.7 |
HIGH
Network
|
auth0
|
auth0.js
|
In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-15125
|
2024-11-21 14:04 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210549
|
8.1 |
HIGH
Network
|
typo3
|
typo3
|
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic messa…
|
CWE-20
Improper Input Validation
|
CVE-2020-15099
|
2024-11-21 14:04 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210550
|
8.8 |
HIGH
Network
|
typo3
|
typo3
|
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used …
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-15098
|
2024-11-21 14:04 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
