Total
23728 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-14070 | 1 Mk-auth | 1 Mk-auth | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access. | |||||
CVE-2020-6852 | 1 Cacagoo | 2 Tv-288zd-2mp, Tv-288zd-2mp Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required. | |||||
CVE-2020-11898 | 1 Treck | 1 Tcp\/ip | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. | |||||
CVE-2019-12126 | 1 Onap | 1 Open Network Automation Platform | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | |||||
CVE-2020-24029 | 1 Forlogic | 1 Qualiex | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. | |||||
CVE-2020-15473 | 1 Ntop | 1 Ndpi | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c. | |||||
CVE-2020-3850 | 1 Apple | 1 Mac Os X | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
CVE-2020-12007 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. | |||||
CVE-2020-4415 | 1 Ibm | 1 Spectrum Protect | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990. | |||||
CVE-2020-8159 | 2 Debian, Rubyonrails | 2 Debian Linux, Actionpack Page-caching | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. | |||||
CVE-2020-11998 | 2 Apache, Oracle | 7 Activemq, Communications Diameter Signaling Router, Communications Element Manager and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13 | |||||
CVE-2020-11817 | 1 Rukovoditel | 1 Rukovoditel | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting. | |||||
CVE-2020-24561 | 1 Trendmicro | 1 Serverprotect | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. | |||||
CVE-2020-5868 | 1 F5 | 1 Big-iq Centralized Management | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. | |||||
CVE-2020-11543 | 1 Opsramp | 1 Gateway | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 where an administrator and a system user accounts are the only available user accounts for the gateway appliance. | |||||
CVE-2020-10083 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. | |||||
CVE-2020-6284 | 1 Sap | 1 Netweaver Knowledge Management | 2023-12-10 | 8.5 HIGH | 9.0 CRITICAL |
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting. | |||||
CVE-2020-17479 | 1 Json Pattern Validator Project | 1 Json Pattern Validator | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array. | |||||
CVE-2020-10827 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | |||||
CVE-2020-13901 | 1 Meetecho | 1 Janus | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow. |