Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-11-09 CVE-2020-9299 Cross-site Scripting vulnerability in Netflix Dispatch
There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter.
network
netflix CWE-79
3.5
2020-11-09 CVE-2020-8276 Cleartext Storage of Sensitive Information vulnerability in Brave
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows.
local
low complexity
brave CWE-312
2.1
2020-11-09 CVE-2020-8268 Improper Input Validation vulnerability in Json8-Merge-Patch Project Json8-Merge-Patch
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
network
low complexity
json8-merge-patch-project CWE-20
5.0
2020-11-09 CVE-2020-8150 Missing Encryption of Sensitive Data vulnerability in Nextcloud Server
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
1.9
2020-11-09 CVE-2020-8133 Improper Verification of Cryptographic Signature vulnerability in Nextcloud Server 19.0.1
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.
network
low complexity
nextcloud CWE-347
5.3
2020-11-09 CVE-2020-25655 Incorrect Authorization vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0
An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions.
network
low complexity
redhat CWE-863
6.5
2020-11-09 CVE-2020-24353 Cross-site Scripting vulnerability in Pega Platform
Pega Platform before 8.4.0 has an XSS issue via stream rule parameters used in the request header.
network
pega CWE-79
4.3
2020-11-09 CVE-2020-15297 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Update Server
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network.
network
low complexity
bitdefender CWE-918
6.4
2020-11-09 CVE-2020-28351 Cross-site Scripting vulnerability in Mitel Shoretel Firmware 19.46.1802.0
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
network
mitel CWE-79
4.3
2020-11-09 CVE-2020-28349 Improper Input Validation vulnerability in Chirpstack Network Server 3.9.0
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go.
network
low complexity
chirpstack CWE-20
6.5