• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

NVD-CWE-noinfo

CVE-2020-35575

February 26, 2023 by

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

CVE-2020-35470

February 26, 2023 by

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).

CVE-2020-35471

February 26, 2023 by

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.

CVE-2020-35380

February 26, 2023 by

GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.

CVE-2020-35381

February 26, 2023 by

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.

CVE-2020-35388

February 26, 2023 by

rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 591
  • Go to page 592
  • Go to page 593
  • Go to page 594
  • Go to page 595
  • Interim pages omitted …
  • Go to page 2387
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE