|
200321
|
5.3 |
MEDIUM
Network
|
envoyproxy
|
envoy
|
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not ins…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-8660
|
2024-11-21 14:39 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200322
|
5.3 |
MEDIUM
Network
|
cncf
|
envoy
|
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined valida…
|
CWE-287
Improper Authentication
|
CVE-2020-8664
|
2024-11-21 14:39 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200323
|
7.5 |
HIGH
Network
|
cncf
redhat
|
envoy
openshift_service_mesh
|
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8661
|
2024-11-21 14:39 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200324
|
7.5 |
HIGH
Network
|
cncf
redhat
debian
|
envoy
openshift_service_mesh
debian_linux
|
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-8659
|
2024-11-21 14:39 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200325
|
9.8 |
CRITICAL
Network
|
zyxel
|
nas326_firmware
nas520_firmware
nas540_firmware
nas542_firmware
atp100_firmware
atp200_firmware
atp500_firmware
atp800_firmware
usg20-vpn_firmware
usg20w-vpn_firmware
us…
|
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to…
|
CWE-78
OS Command
|
CVE-2020-9054
|
2024-11-21 14:39 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200326
|
5.4 |
MEDIUM
Network
|
alfresco
|
alfresco
|
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8778
|
2024-11-21 14:39 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200327
|
5.4 |
MEDIUM
Network
|
alfresco
|
alfresco
|
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8777
|
2024-11-21 14:39 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200328
|
5.4 |
MEDIUM
Network
|
alfresco
|
alfresco
|
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8776
|
2024-11-21 14:39 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200329
|
6.1 |
MEDIUM
Network
|
fiserv
|
accurate_reconciliation
|
Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8952
|
2024-11-21 14:39 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200330
|
5.4 |
MEDIUM
Network
|
fiserv
|
accurate_reconciliation
|
Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8951
|
2024-11-21 14:39 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
