Total
1720 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15078 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.5 High |
| OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | ||||
| CVE-2020-14501 | 1 Advantech | 1 Iview | 2024-11-21 | 9.8 Critical |
| Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. | ||||
| CVE-2020-14245 | 1 Hcltechsw | 1 Onetest Performance | 2024-11-21 | 9.8 Critical |
| HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources. | ||||
| CVE-2020-14048 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents. | ||||
| CVE-2020-13920 | 4 Apache, Debian, Oracle and 1 more | 7 Activemq, Debian Linux, Communications Diameter Signaling Router and 4 more | 2024-11-21 | 5.9 Medium |
| Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12. | ||||
| CVE-2020-13856 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes. | ||||
| CVE-2020-13838 | 1 Google | 1 Android | 2024-11-21 | 3.5 Low |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020). | ||||
| CVE-2020-13837 | 1 Google | 1 Android | 2024-11-21 | 3.5 Low |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020). | ||||
| CVE-2020-13695 | 1 Quickbox | 1 Quickbox | 2024-11-21 | 7.2 High |
| In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file. | ||||
| CVE-2020-13529 | 4 Fedoraproject, Netapp, Redhat and 1 more | 5 Fedora, Active Iq Unified Manager, Cloud Backup and 2 more | 2024-11-21 | 6.1 Medium |
| An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. | ||||
| CVE-2020-13405 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | ||||
| CVE-2020-13382 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.1 Critical |
| openSIS through 7.4 has Incorrect Access Control. | ||||
| CVE-2020-13289 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. | ||||
| CVE-2020-13150 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2024-11-21 | 7.8 High |
| D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | ||||
| CVE-2020-12877 | 1 Veritas | 1 Aptare | 2024-11-21 | 7.5 High |
| Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. | ||||
| CVE-2020-12720 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 9.8 Critical |
| vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | ||||
| CVE-2020-12621 | 1 Teamwire | 1 Teamwire | 2024-11-21 | 6.1 Medium |
| The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component. | ||||
| CVE-2020-12506 | 1 Wago | 14 750-362, 750-362 Firmware, 750-363 and 11 more | 2024-11-21 | 9.1 Critical |
| Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions. | ||||
| CVE-2020-12505 | 1 Wago | 14 750-831, 750-831 Firmware, 750-852 and 11 more | 2024-11-21 | 8.2 High |
| Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below. | ||||
| CVE-2020-12500 | 1 Pepperl-fuchs | 26 Es7506, Es7506 Firmware, Es7510 and 23 more | 2024-11-21 | 9.8 Critical |
| Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration. | ||||