Total
205 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8705 | 1 Intel | 3 Converged Security And Manageability Engine, Server Platform Services, Trusted Execution Technology | 2024-11-21 | 6.8 Medium |
| Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. | ||||
| CVE-2020-7729 | 3 Canonical, Debian, Gruntjs | 3 Ubuntu Linux, Debian Linux, Grunt | 2024-11-21 | 7.1 High |
| The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. | ||||
| CVE-2020-7685 | 1 Umbraco | 1 Umbraco Forms | 2024-11-21 | 5.4 Medium |
| This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies. | ||||
| CVE-2020-4001 | 1 Vmware | 1 Sd-wan Orchestrator | 2024-11-21 | 9.8 Critical |
| The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack. | ||||
| CVE-2020-27555 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-11-21 | 9.8 Critical |
| Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. | ||||
| CVE-2020-26930 | 1 Netgear | 2 Ex7700, Ex7700 Firmware | 2024-11-21 | 3.3 Low |
| NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. | ||||
| CVE-2020-26510 | 1 Airleader | 3 Airleader Easy, Airleader Master, Airleader Master Control | 2024-11-21 | 9.8 Critical |
| Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. | ||||
| CVE-2020-24365 | 1 Gemteks | 4 Wrtm-127acn, Wrtm-127acn Firmware, Wrtm-127x9 and 1 more | 2024-11-21 | 8.8 High |
| An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.) | ||||
| CVE-2020-16873 | 2 Google, Microsoft | 2 Chrome, Xamarin.forms | 2024-11-21 | 4.7 Medium |
| <p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.</p> <p>For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.</p> <p>The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.</p> | ||||
| CVE-2020-14011 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | 9.8 Critical |
| Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features. | ||||
| CVE-2020-13927 | 1 Apache | 1 Airflow | 2024-11-21 | 9.8 Critical |
| The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default | ||||
| CVE-2020-12732 | 1 Depstech | 2 Wifi Digital Microscope 3, Wifi Digital Microscope 3 Firmware | 2024-11-21 | 6.5 Medium |
| DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. | ||||
| CVE-2020-12336 | 1 Intel | 46 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 43 more | 2024-11-21 | 7.8 High |
| Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12327 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | 4.4 Medium |
| Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2020-11915 | 1 Svakom | 3 Siime Eye, Siime Eye Firmware, Svakom Siime Eye Firmware | 2024-11-21 | 6.8 Medium |
| An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device's Wi-Fi access point. | ||||
| CVE-2020-11532 | 1 Zohocorp | 2 Manageengine Adaudit Plus, Manageengine Datasecurity Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user. | ||||
| CVE-2020-11489 | 2 Intel, Nvidia | 3 Bmc Firmware, Dgx-1, Dgx-2 | 2024-11-21 | 7.5 High |
| NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure. | ||||
| CVE-2020-10552 | 1 Psyprax | 1 Psyprax | 2024-11-21 | 8.1 High |
| An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well. | ||||
| CVE-2020-10279 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2024-11-21 | 9.8 Critical |
| MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks. | ||||
| CVE-2020-0416 | 1 Google | 1 Android | 2024-11-21 | 8.8 High |
| In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-155288585 | ||||