Total
1281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8509 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 7.5 High |
| Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | ||||
| CVE-2020-8598 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-08-04 | 9.8 Critical |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | ||||
| CVE-2020-7954 | 1 Opservices | 1 Opmon | 2024-08-04 | 7.8 High |
| An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo. | ||||
| CVE-2020-7953 | 1 Opservices | 1 Opmon | 2024-08-04 | 7.5 High |
| An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option. | ||||
| CVE-2020-7964 | 1 Mirumee | 1 Saleor | 2024-08-04 | 5.3 Medium |
| An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer). | ||||
| CVE-2020-7540 | 1 Schneider-electric | 46 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 43 more | 2024-08-04 | 9.8 Critical |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests. | ||||
| CVE-2020-7561 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-08-04 | 9.8 Critical |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | ||||
| CVE-2020-7479 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-08-04 | 7.8 High |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service. | ||||
| CVE-2020-7589 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-08-04 | 9.1 Critical |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2020-7115 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-08-04 | 9.8 Critical |
| The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | ||||
| CVE-2020-7128 | 1 Arubanetworks | 1 Airwave Glass | 2024-08-04 | 9.8 Critical |
| A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | ||||
| CVE-2020-7114 | 1 Arubanetworks | 1 Clearpass | 2024-08-04 | 9.8 Critical |
| A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | ||||
| CVE-2020-7048 | 1 Webfactoryltd | 1 Wp Database Reset | 2024-08-04 | 9.1 Critical |
| The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI. | ||||
| CVE-2020-6964 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-08-04 | 8.6 High |
| In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network. | ||||
| CVE-2020-6875 | 1 Zte | 2 Zxone 19700 Snpe, Zxone 19700 Snpe Firmware | 2024-08-04 | 9.8 Critical |
| A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE> | ||||
| CVE-2020-6294 | 2 Opengroup, Sap | 2 Unix, Businessobjects Business Intelligence Platform | 2024-08-04 | 9.1 Critical |
| Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. | ||||
| CVE-2020-6263 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-04 | 9.8 Critical |
| Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. | ||||
| CVE-2020-6235 | 1 Sap | 1 Solution Manager | 2024-08-04 | 8.6 High |
| SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication. | ||||
| CVE-2020-6170 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-08-04 | 9.8 Critical |
| An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. | ||||
| CVE-2020-6309 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-04 | 7.5 High |
| SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service. | ||||