| 197431 | 7.5 HIGH | Network | netapp | storagegrid | StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a D… | NVD-CWE-noinfo | CVE-2020-8571 | 2024-11-21 14:39 | 2020-03-14 |
| 197432 | 5.5 MEDIUM | Local | huawei | honor_v30_firmware | Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device … | CWE-287 Improper Authentication | CVE-2020-9064 | 2024-11-21 14:39 | 2020-03-13 |
| 197433 | 9.1 CRITICAL | Network | johnsoncontrols | metasys_system_configuration_tool metasys_lonworks_control_server metasys_open_application_server metasys_open_data_server metasys_extended_application_and_data_server metasys_applicat… | XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Ap… | CWE-611 XXE | CVE-2020-9044 | 2024-11-21 14:39 | 2020-03-11 |
| 197434 | 7.4 HIGH | Network | avast | avg_antitrack antitrack | Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using … | CWE-295 Improper Certificate Validation | CVE-2020-8987 | 2024-11-21 14:39 | 2020-03-10 |
| 197435 | 7.8 HIGH | Local | wftpserver | wing_ftp_server | Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full p… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2020-8635 | 2024-11-21 14:39 | 2020-03-7 |
| 197436 | 7.8 HIGH | Local | wftpserver | wing_ftp_server | Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and worl… | CWE-281 Improper Preservation of Permissions | CVE-2020-8634 | 2024-11-21 14:39 | 2020-03-7 |
| 197437 | 6.8 MEDIUM | Physical | mi | mdz-25-dt_firmware | An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialo… | CWE-287 Improper Authentication | CVE-2020-8994 | 2024-11-21 14:39 | 2020-03-6 |
| 197438 | 5.3 MEDIUM | Network | envoyproxy | envoy | CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not ins… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2020-8660 | 2024-11-21 14:39 | 2020-03-5 |
| 197439 | 5.3 MEDIUM | Network | cncf | envoy | CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined valida… | CWE-287 Improper Authentication | CVE-2020-8664 | 2024-11-21 14:39 | 2020-03-5 |
| 197440 | 7.5 HIGH | Network | cncf redhat | envoy openshift_service_mesh | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. | CWE-400 Uncontrolled Resource Consumption | CVE-2020-8661 | 2024-11-21 14:39 | 2020-03-5 |