|
215971
|
5.8 |
MEDIUM
Network
|
apache
|
traffic_control
|
When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary conten…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-17522
|
2024-11-21 14:08 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215972
|
8.8 |
HIGH
Network
|
apache
|
java_chassis
|
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-17532
|
2024-11-21 14:08 |
2021-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215973
|
7.0 |
HIGH
Local
|
apache
|
html\/java_api
|
There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has r…
|
CWE-362
Race Condition
|
CVE-2020-17534
|
2024-11-21 14:08 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215974
|
7.5 |
HIGH
Network
|
apache
|
traffic_server
|
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 …
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-17509
|
2024-11-21 14:08 |
2021-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215975
|
7.5 |
HIGH
Network
|
apache
|
traffic_server
|
The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.
|
NVD-CWE-noinfo
|
CVE-2020-17508
|
2024-11-21 14:08 |
2021-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215976
|
7.2 |
HIGH
Network
|
barco
|
transform_n
|
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authentica…
|
CWE-77
Command Injection
|
CVE-2020-17504
|
2024-11-21 14:08 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215977
|
7.2 |
HIGH
Network
|
barco
|
transform_n
|
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authentica…
|
CWE-77
Command Injection
|
CVE-2020-17503
|
2024-11-21 14:08 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215978
|
7.2 |
HIGH
Network
|
barco
|
transform_n
|
Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow…
|
CWE-77
Command Injection
|
CVE-2020-17502
|
2024-11-21 14:08 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215979
|
9.8 |
CRITICAL
Network
|
barco
|
transform_n
|
Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over ht…
|
CWE-77
Command Injection
|
CVE-2020-17500
|
2024-11-21 14:08 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215980
|
7.5 |
HIGH
Network
|
apache
|
flink
|
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the Jo…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-17519
|
2024-11-21 14:08 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
