Total
23790 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8598 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | |||||
CVE-2020-24007 | 1 Umanni | 1 Human Resources | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | |||||
CVE-2020-9277 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication. | |||||
CVE-2020-12019 | 1 Advantech | 1 Webaccess | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2020-12006 | 1 Advantech | 1 Webaccess | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | |||||
CVE-2020-10547 | 1 Rconfig | 1 Rconfig | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
CVE-2020-5884 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring. | |||||
CVE-2019-19208 | 1 Codiad | 1 Codiad | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Codiad Web IDE through 2.8.4 allows PHP Code injection. | |||||
CVE-2020-11716 | 1 Panasonic | 12 Eluga Ray 530, Eluga Ray 530 Firmware, Eluga Ray 600 and 9 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support." | |||||
CVE-2020-12883 | 1 Arm | 1 Mbed Os | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. The actual input packet length is not verified against the number of bytes read when processing the option extended delta and the option extended length. Moreover, the calculation of the message_left variable, in the case of non-extended option deltas, is incorrect and indicates more data left for processing than provided in the function input. All of these lead to heap-based or stack-based memory location read access that is outside of the intended boundary of the buffer. Depending on the platform-specific memory management mechanisms, it can lead to processing of unintended inputs or system memory access violation errors. | |||||
CVE-2020-6265 | 1 Sap | 2 Commerce, Commerce Data Hub | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. | |||||
CVE-2020-7673 | 1 Node-extend Project | 1 Node-extend | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution. | |||||
CVE-2020-1615 | 1 Juniper | 2 Junos, Vmx | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX; 17.2 versions prior to 17.2R3-S3 on vMX; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX; 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX; 18.1 versions prior to 18.1R3-S9 on vMX; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX; 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX; 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX; 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX. | |||||
CVE-2020-10285 | 1 Ufactory | 2 Xarm 5 Lite, Xarm 5 Lite Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access. | |||||
CVE-2020-11656 | 5 Netapp, Oracle, Siemens and 2 more | 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | |||||
CVE-2020-4459 | 1 Ibm | 1 Security Secret Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395. | |||||
CVE-2019-6203 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic. | |||||
CVE-2020-24376 | 1 Free | 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3. | |||||
CVE-2020-24208 | 1 Online Shopping Alphaware Project | 1 Online Shopping Alphaware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters. | |||||
CVE-2020-14501 | 1 Advantech | 1 Iview | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. |