Total
1492 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9315 | 1 Oracle | 1 Iplanet Web Server | 2024-11-21 | 7.5 High |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. | ||||
| CVE-2020-9278 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2024-11-21 | 9.1 Critical |
| An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL. | ||||
| CVE-2020-9275 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials. | ||||
| CVE-2020-9208 | 1 Huawei | 1 Imanager Neteco 6000 | 2024-11-21 | 6.5 Medium |
| There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak. | ||||
| CVE-2020-9143 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.3 Medium |
| There is a missing authentication vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability may lead to low-sensitive information exposure. | ||||
| CVE-2020-9062 | 1 Dieboldnixdorf | 2 Probase, Procash 2100xe | 2024-11-21 | 5.3 Medium |
| Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited. | ||||
| CVE-2020-9004 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 8.8 High |
| A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges. This issue was resolved in Wowza Streaming Engine 4.8.5. | ||||
| CVE-2020-8636 | 1 Opservices | 1 Opmon | 2024-11-21 | 9.8 Critical |
| An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution . | ||||
| CVE-2020-8598 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 9.8 Critical |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | ||||
| CVE-2020-8509 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 High |
| Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | ||||
| CVE-2020-8497 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 5.3 Medium |
| In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. | ||||
| CVE-2020-7964 | 1 Mirumee | 1 Saleor | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer). | ||||
| CVE-2020-7954 | 1 Opservices | 1 Opmon | 2024-11-21 | 7.8 High |
| An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo. | ||||
| CVE-2020-7953 | 1 Opservices | 1 Opmon | 2024-11-21 | 7.5 High |
| An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option. | ||||
| CVE-2020-7589 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-11-21 | 9.1 Critical |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2020-7561 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 9.8 Critical |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | ||||
| CVE-2020-7540 | 1 Schneider-electric | 46 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 43 more | 2024-11-21 | 9.8 Critical |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests. | ||||
| CVE-2020-7479 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 7.8 High |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service. | ||||
| CVE-2020-7389 | 1 Sage | 2 Syracuse, X3 | 2024-11-21 | 5.5 Medium |
| Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production. | ||||
| CVE-2020-7370 | 1 Boltbrowser | 1 Bolt Browser | 2024-11-21 | 4.3 Medium |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and prior versions. | ||||