Filtered by CWE-306 (Missing Authentication for Critical Function)
Total: 1281 CVEs
CVE  #Vendors  Vendors  #Products  Products  Updated  CVSS v3.1 score  Severity
CVE-2020-26829 1 Sap 1 Netweaver Application Server Java 2024-08-04 10.0 Critical
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, accepts, because of a missing authentication check, arbitrary connections from processes that are outside the cluster and even outside the network segment dedicated to internal cluster communication. As a result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators, including system administration functions and shutting down the system completely.
CVE-2020-26824 1 Sap 1 Solution Manager 2024-08-04 10.0 Critical
SAP Solution Manager (JAVA stack), version 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, which impacts the integrity and availability of the service.
CVE-2020-26821 1 Sap 1 Solution Manager 2024-08-04 10.0 Critical
SAP Solution Manager (JAVA stack), version 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, which impacts the integrity and availability of the service.
CVE-2020-26822 1 Sap 1 Solution Manager 2024-08-04 10.0 Critical
SAP Solution Manager (JAVA stack), version 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, which impacts the integrity and availability of the service.
CVE-2020-26649 1 Atomx 1 Atomxcms 2 2024-08-04 8.1 High
AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php
CVE-2020-26567 1 Dlink 2 Dsr-250n, Dsr-250n Firmware 2024-08-04 5.5 Medium
An issue was discovered on D-Link DSR-250N devices before 3.17B. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it unusable for several minutes.
CVE-2020-26599 1 Google 1 Android 2024-08-04 5.3 Medium
An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020).
CVE-2020-26173 1 Tangro 1 Business Workflow 2024-08-04 3.1 Low
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required.
CVE-2020-26061 1 Clickstudios 1 Passwordstate 2024-08-04 7.5 High
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user.
CVE-2020-25824 1 Telegram 1 Telegram Desktop 2024-08-04 2.4 Low
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened the Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversations and media files.
CVE-2020-25747 1 Rubetek 6 Rv-3406, Rv-3406 Firmware, Rv-3409 and 3 more 2024-08-04 9.4 Critical
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONVIF services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.
CVE-2020-25697 1 X.org 1 X Server 2024-08-04 7.0 High
A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.
CVE-2020-25634 1 Redhat 2 3scale, 3scale Api Management 2024-08-04 5.4 Medium
A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected.
CVE-2020-25621 1 Solarwinds 1 N-central 2024-08-04 8.4 High
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords.
CVE-2020-25563 1 Sapphireims 1 Sapphireims 2024-08-04 9.8 Critical
In SapphireIMS 5.0, it is possible to create a local administrator on any client without requiring any credentials by directly accessing the RemoteMgmtTaskSave (Automation Tasks) feature without a JSESSIONID.
CVE-2020-25566 1 Sapphireims 1 Sapphireims 2024-08-04 9.8 Critical
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in the PoC. Notice that we do not require a JSESSIONID in this request and can reset any user's password by changing the username to that user and the password to base64(desired password).
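The Passwordstate (CVE-2020-26061) and SapphireIMS (CVE-2020-25563, CVE-2020-25566) entries above share one shape: the final, state-changing step of a flow is reachable without proof that the caller ever authenticated, and the target account is taken from the request body. The following is an added illustration of that pattern, not code from any vendor on this page: a constructed in-memory two-step password reset with a vulnerable handler beside a hardened one. All names (USERS, SESSIONS, answer_security_questions, reset_password_vulnerable, reset_password_hardened) and the sample accounts are invented for the example.

```python
"""
Added example of the CWE-306 pattern behind multi-step reset flows.
None of this is vendor code; users, answers and sessions are constructed.

  step 1: answer_security_questions()  -> proves identity, marks the session
  step 2: reset_password_*()           -> the critical function

The vulnerable step 2 never checks that step 1 happened and trusts the
username supplied by the client, so a single crafted request resets any
account.  The hardened step 2 requires a session, requires that step 1
succeeded in that session, and takes the target account from server-side
state rather than from the request body.
"""
import hmac
import secrets
from hashlib import sha256


def _h(value: str) -> str:
    return sha256(value.encode()).hexdigest()


# Constructed sample accounts (not real credentials).
USERS = {
    "alice": {"answer_hash": _h("rex"), "password_hash": _h("alice-old-pw")},
    "bob": {"answer_hash": _h("fluffy"), "password_hash": _h("bob-old-pw")},
}

# session_id -> {"verified_user": username once step 1 succeeded, else None}
SESSIONS: dict = {}


def new_session() -> str:
    """Issue an unauthenticated session (the equivalent of a fresh JSESSIONID)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"verified_user": None}
    return sid


def answer_security_questions(sid: str, username: str, answer: str) -> bool:
    """Step 1: on a correct answer, record the verified user in the session."""
    user = USERS.get(username)
    if user is None or sid not in SESSIONS:
        return False
    ok = hmac.compare_digest(user["answer_hash"], _h(answer))
    if ok:
        SESSIONS[sid]["verified_user"] = username
    return ok


def reset_password_vulnerable(request: dict) -> int:
    """VULNERABLE step 2: no session check, no check that step 1 completed,
    and the account to change comes straight from the client."""
    user = USERS.get(request.get("username", ""))
    if user is None:
        return 404
    user["password_hash"] = _h(request["new_password"])
    return 200


def reset_password_hardened(request: dict) -> int:
    """HARDENED step 2: the critical function is gated on server-side state.
    Any 'username' field in the request is deliberately ignored."""
    session = SESSIONS.get(request.get("session_id", ""))
    if session is None:
        return 401  # no session at all
    username = session["verified_user"]
    if username is None:
        return 403  # session exists but identity was never proven
    USERS[username]["password_hash"] = _h(request["new_password"])
    session["verified_user"] = None  # one reset per successful verification
    return 200


def check_password(username: str, password: str) -> bool:
    """Helper used to observe which handler actually changed a password."""
    return hmac.compare_digest(USERS[username]["password_hash"], _h(password))


if __name__ == "__main__":
    # Attacker sends only the final request, with a victim's username.
    print("vulnerable:", reset_password_vulnerable({"username": "alice", "new_password": "pwned"}),
          "alice now 'pwned'?", check_password("alice", "pwned"))
    print("hardened, no session:", reset_password_hardened({"username": "bob", "new_password": "pwned"}))
    sid = new_session()
    print("hardened, unverified session:", reset_password_hardened({"session_id": sid, "new_password": "pwned"}))
    answer_security_questions(sid, "bob", "fluffy")
    print("hardened, after step 1:", reset_password_hardened({"session_id": sid, "new_password": "bob-new"}))
```

Two points the hardened handler makes that a bare "require a session cookie" fix would miss: the session must carry proof that the earlier step succeeded, not merely exist, and the account acted on must be bound to that proof rather than read from the body, otherwise an authenticated user could still reset anyone else's password. Equally important when reviewing a real flow is that the check lives in the handler for the critical function itself, not only in the UI that normally leads to it.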
CVE-2020-25228 1 Siemens 2 Logo! 8 Bm, Logo! 8 Bm Firmware 2024-08-04 9.8 Critical
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker with access to this service could gain full control over an affected device. The system manual recommends protecting access to this port.
CVE-2020-25218 1 Grandstream 14 Grp2612, Grp2612 Firmware, Grp2612p and 11 more 2024-08-04 9.8 Critical
Grandstream GRP261x VoIP phones running firmware version 1.0.3.6 (Base) allow Authentication Bypass in their administrative web interface.
CVE-2020-25048 1 Google 1 Android 2024-08-04 4.6 Medium
An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).
CVE-2020-24580 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-08-04 7.5 High
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user.