|
197521
|
7.4 |
HIGH
Network
|
avast
|
avg_antitrack antitrack
|
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-8987
|
2024-11-21 14:39 |
2020-03-10 |
|
197522
|
7.8 |
HIGH
Local
|
wftpserver
|
wing_ftp_server
|
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full p…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-8635
|
2024-11-21 14:39 |
2020-03-7 |
|
197523
|
7.8 |
HIGH
Local
|
wftpserver
|
wing_ftp_server
|
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and worl…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-8634
|
2024-11-21 14:39 |
2020-03-7 |
|
197524
|
6.8 |
MEDIUM
Physical
|
mi
|
mdz-25-dt_firmware
|
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialo…
|
CWE-287
Improper Authentication
|
CVE-2020-8994
|
2024-11-21 14:39 |
2020-03-6 |
|
197525
|
5.3 |
MEDIUM
Network
|
envoyproxy
|
envoy
|
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not ins…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-8660
|
2024-11-21 14:39 |
2020-03-5 |
|
197526
|
5.3 |
MEDIUM
Network
|
cncf
|
envoy
|
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined valida…
|
CWE-287
Improper Authentication
|
CVE-2020-8664
|
2024-11-21 14:39 |
2020-03-5 |
|
197527
|
7.5 |
HIGH
Network
|
cncf redhat
|
envoy openshift_service_mesh
|
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-8661
|
2024-11-21 14:39 |
2020-03-5 |
|
197528
|
7.5 |
HIGH
Network
|
cncf redhat debian
|
envoy openshift_service_mesh debian_linux
|
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-8659
|
2024-11-21 14:39 |
2020-03-5 |
|
197529
|
9.8 |
CRITICAL
Network
|
zyxel
|
nas326_firmware nas520_firmware nas540_firmware nas542_firmware atp100_firmware atp200_firmware atp500_firmware atp800_firmware usg20-vpn_firmware usg20w-vpn_firmware us…
|
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to…
|
CWE-78
OS Command
|
CVE-2020-9054
|
2024-11-21 14:39 |
2020-03-5 |
|
197530
|
5.4 |
MEDIUM
Network
|
alfresco
|
alfresco
|
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8778
|
2024-11-21 14:39 |
2020-03-3 |