Total
1281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13695 | 1 Quickbox | 1 Quickbox | 2024-08-04 | 7.2 High |
| In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file. | ||||
| CVE-2020-13529 | 4 Fedoraproject, Netapp, Redhat and 1 more | 5 Fedora, Active Iq Unified Manager, Cloud Backup and 2 more | 2024-08-04 | 6.1 Medium |
| An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. | ||||
| CVE-2020-13382 | 1 Os4ed | 1 Opensis | 2024-08-04 | 9.1 Critical |
| openSIS through 7.4 has Incorrect Access Control. | ||||
| CVE-2020-13405 | 1 Microweber | 1 Microweber | 2024-08-04 | 7.5 High |
| userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | ||||
| CVE-2020-13289 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 5.4 Medium |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. | ||||
| CVE-2020-13150 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2024-08-04 | 7.8 High |
| D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | ||||
| CVE-2020-12877 | 1 Veritas | 1 Aptare | 2024-08-04 | 7.5 High |
| Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. | ||||
| CVE-2020-12720 | 1 Vbulletin | 1 Vbulletin | 2024-08-04 | 9.8 Critical |
| vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | ||||
| CVE-2020-12621 | 1 Teamwire | 1 Teamwire | 2024-08-04 | 6.1 Medium |
| The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component. | ||||
| CVE-2020-12478 | 1 Teampass | 1 Teampass | 2024-08-04 | 7.5 High |
| TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files. | ||||
| CVE-2020-12106 | 1 Stengg | 2 Vpncrypt M10, Vpncrypt M10 Firmware | 2024-08-04 | 9.8 Critical |
| The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point. | ||||
| CVE-2020-12266 | 1 Wavlink | 30 Jetstream Ac3000, Jetstream Ac3000 Firmware, Jetstream Erac3000 and 27 more | 2024-08-04 | 7.5 High |
| An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000 | ||||
| CVE-2020-12127 | 1 Wavlink | 2 Wn530h4, Wn530h4 Firmware | 2024-08-04 | 7.5 High |
| An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | ||||
| CVE-2020-12117 | 1 Moxa | 2 Nport 5100a, Nport 5100a Firmware | 2024-08-04 | 5.3 Medium |
| Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect. | ||||
| CVE-2020-12017 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2024-08-04 | 9.8 Critical |
| GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system. | ||||
| CVE-2020-12004 | 1 Inductiveautomation | 1 Ignition Gateway | 2024-08-04 | 7.5 High |
| The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | ||||
| CVE-2020-11969 | 1 Apache | 1 Tomee | 2024-08-04 | 9.8 Critical |
| If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5. | ||||
| CVE-2020-11961 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2024-08-04 | 7.5 High |
| Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication | ||||
| CVE-2020-11856 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-08-04 | 9.8 Critical |
| Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR. | ||||
| CVE-2020-11946 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-04 | 7.5 High |
| Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. | ||||