Total
1492 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7369 | 1 Yandex | 1 Yandex Browser | 2024-11-21 | 4.3 Medium |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Yandex Browser version 20.8.3 and prior versions, and was fixed in version 20.8.4 released October 1, 2020. | ||||
| CVE-2020-7128 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 9.8 Critical |
| A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | ||||
| CVE-2020-7115 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 9.8 Critical |
| The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | ||||
| CVE-2020-7114 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 9.8 Critical |
| A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | ||||
| CVE-2020-7048 | 1 Webfactoryltd | 1 Wp Database Reset | 2024-11-21 | 9.1 Critical |
| The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI. | ||||
| CVE-2020-6964 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-11-21 | 8.6 High |
| In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network. | ||||
| CVE-2020-6875 | 1 Zte | 2 Zxone 19700 Snpe, Zxone 19700 Snpe Firmware | 2024-11-21 | 9.8 Critical |
| A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE> | ||||
| CVE-2020-6769 | 1 Bosch | 8 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 3000 and 5 more | 2024-11-21 | 10 Critical |
| Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall. | ||||
| CVE-2020-6309 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.5 High |
| SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service. | ||||
| CVE-2020-6294 | 2 Opengroup, Sap | 2 Unix, Businessobjects Business Intelligence Platform | 2024-11-21 | 9.1 Critical |
| Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. | ||||
| CVE-2020-6263 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 9.8 Critical |
| Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. | ||||
| CVE-2020-6242 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 9.8 Critical |
| SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. | ||||
| CVE-2020-6235 | 1 Sap | 1 Solution Manager | 2024-11-21 | 8.6 High |
| SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication. | ||||
| CVE-2020-6198 | 1 Sap | 1 Solution Manager | 2024-11-21 | 9.8 Critical |
| SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check. | ||||
| CVE-2020-6186 | 1 Sap | 1 Host Agent | 2024-11-21 | 7.5 High |
| SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. | ||||
| CVE-2020-6170 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. | ||||
| CVE-2020-5910 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 7.5 High |
| In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. | ||||
| CVE-2020-5870 | 1 F5 | 1 Big-iq Centralized Management | 2024-11-21 | 8.1 High |
| In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. | ||||
| CVE-2020-5780 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 5.3 Medium |
| Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing. | ||||
| CVE-2020-5589 | 1 Sony | 22 Wf-1000x, Wf-1000x Firmware, Wf-sp700n and 19 more | 2024-11-21 | 8.8 High |
| SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. | ||||