Total: 1581 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-6875 | 1 Zte | 2 Zxone 19700 Snpe, Zxone 19700 Snpe Firmware | 2024-11-21 | 9.8 Critical |
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE> | ||||
CVE-2020-6769 | 1 Bosch | 8 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 3000 and 5 more | 2024-11-21 | 10 Critical |
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall. | ||||
CVE-2020-6309 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.5 High |
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service. | ||||
CVE-2020-6294 | 2 Opengroup, Sap | 2 Unix, Businessobjects Business Intelligence Platform | 2024-11-21 | 9.1 Critical |
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. | ||||
CVE-2020-6263 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 9.8 Critical |
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. | ||||
CVE-2020-6242 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 9.8 Critical |
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. | ||||
CVE-2020-6235 | 1 Sap | 1 Solution Manager | 2024-11-21 | 8.6 High |
SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication. | ||||
CVE-2020-6198 | 1 Sap | 1 Solution Manager | 2024-11-21 | 9.8 Critical |
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check. | ||||
CVE-2020-6186 | 1 Sap | 1 Host Agent | 2024-11-21 | 7.5 High |
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. | ||||
CVE-2020-6170 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 9.8 Critical |
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. | ||||
CVE-2020-5910 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 7.5 High |
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. | ||||
CVE-2020-5870 | 1 F5 | 1 Big-iq Centralized Management | 2024-11-21 | 8.1 High |
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. | ||||
CVE-2020-5780 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | 5.3 Medium |
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing. | ||||
CVE-2020-5589 | 1 Sony | 22 Wf-1000x, Wf-1000x Firmware, Wf-sp700n and 19 more | 2024-11-21 | 8.8 High |
SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. | ||||
CVE-2020-5373 | 1 Dell | 2 Emc Omimssc For Sccm, Emc Omimssc For Scvmm | 2024-11-21 | 6.5 Medium |
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device. | ||||
CVE-2020-5328 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 9.8 Critical |
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. | ||||
CVE-2020-5326 | 1 Dell | 348 Chengming 3980, Chengming 3980 Firmware, Embedded Box Pc 5000 and 345 more | 2024-11-21 | 6.1 Medium |
Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. | ||||
CVE-2020-5022 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 5.3 Medium |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658. | ||||
CVE-2020-4958 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 9.8 Critical |
IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209. | ||||
CVE-2020-4670 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2024-11-21 | 9.1 Critical |
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401. |