|
212971
|
8.8 |
HIGH
Adjacent
|
tp-link
|
tl-ps310u_firmware
|
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unenc…
|
CWE-319
CWE-522
Cleartext Transmission of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2020-15054
|
2024-11-21 14:04 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212972
|
7.5 |
HIGH
Network
|
prismjs
|
previewers
|
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15138
|
2024-11-21 14:04 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212973
|
7.7 |
HIGH
Network
|
redhat
fedoraproject
|
etcd
fedora
|
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoin…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2020-15114
|
2024-11-21 14:04 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212974
|
6.5 |
MEDIUM
Network
|
redhat
fedoraproject
|
etcd
fedora
|
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on e…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15136
|
2024-11-21 14:04 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212975
|
7.5 |
HIGH
Network
|
redhat
fedoraproject
|
etcd
fedora
|
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess …
|
-
|
CVE-2020-15115
|
2024-11-21 14:04 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212976
|
5.3 |
MEDIUM
Network
|
sulu
|
sulu
|
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-15132
|
2024-11-21 14:04 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212977
|
7.5 |
HIGH
Network
|
projectcontour
|
contour
|
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15127
|
2024-11-21 14:04 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212978
|
7.1 |
HIGH
Local
|
etcd
fedoraproject
|
etcd
fedora
|
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS con…
|
-
|
CVE-2020-15113
|
2024-11-21 14:04 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212979
|
6.5 |
MEDIUM
Network
|
etcd
fedoraproject
|
etcd
fedora
|
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are b…
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-15112
|
2024-11-21 14:04 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212980
|
6.5 |
MEDIUM
Network
|
etcd
fedoraproject
|
etcd
fedora
|
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on …
|
NVD-CWE-Other
|
CVE-2020-15106
|
2024-11-21 14:04 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
