Total
2009 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3448 | 1 Cisco | 1 Cyber Vision Center | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
|
A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow an attacker to impact monitoring of sens ...
Show More |
|||||
| CVE-2020-3402 | 1 Cisco | 1 Unified Customer Voice Portal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected dev ...
Show More |
|||||
| CVE-2020-3392 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices t ...
Show More |
|||||
| CVE-2020-3376 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions withi ...
Show More |
|||||
| CVE-2020-3335 | 1 Cisco | 2 Application Policy Infrastructure Controller, Application Services Engine | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device.
|
|||||
| CVE-2020-3333 | 1 Cisco | 2 Application Policy Infrastructure Controller, Application Services Engine | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP request to contact an affected device. A successful exploit could allow the attacker to update event policies on the affected device.
|
|||||
| CVE-2020-3142 | 1 Cisco | 1 Webex Meetings Online | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by acc ...
Show More |
|||||
| CVE-2020-36724 | 1 Wordable | 1 Wordable | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges.
|
|||||
| CVE-2020-36713 | 1 Inspireui | 1 Mstore Api | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account.
|
|||||
| CVE-2020-36333 | 1 Themegrill | 1 Themegrill Demo Importer | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
|
|||||
| CVE-2020-36245 | 1 Gramaddict | 1 Gramaddict | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.
|
|||||
| CVE-2020-36239 | 1 Atlassian | 3 Jira Data Center, Jira Service Desk, Jira Service Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserializ ...
Show More |
|||||
| CVE-2020-36125 | 1 Paxtechnology | 1 Paxstore | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly.
|
|||||
| CVE-2020-35951 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 6.4 MEDIUM | 9.9 CRITICAL |
|
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
|
|||||
| CVE-2020-35758 | 1 Librewireless | 2 Ls9, Ls9 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access privileged functionality. As such, it's possible to directly access APIs that should not be exposed to an unauthenticated user.
|
|||||
| CVE-2020-35757 | 1 Librewireless | 2 Ls9, Ls9 Firmware | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface endpoint. Requests made to this endpoint do not require authentication. As such, any unauthenticated user who is able to access the web interface will be able to gain root privileges on the LS9 module.
|
|||||
| CVE-2020-35756 | 1 Librewireless | 2 Ls9, Ls9 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS command. As such, any unauthenticated person with access to port 7777 on the device will be able to leak the user's personal device configuration password by issuing the GETPASS command.
|
|||||
| CVE-2020-35755 | 1 Librewireless | 2 Ls9, Ls9 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify.
|
|||||
| CVE-2020-35469 | 1 Softwareag | 1 Terracotta Server Oss | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35468 | 1 Appbase | 1 Streams | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35467 | 1 Docker | 1 Docs | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35466 | 1 Blackfire | 1 Blackfire Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35464 | 1 Weave | 1 Cloud Agent | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35463 | 1 Instana | 1 Dynamic Apm | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35462 | 1 Coscale Agent Project | 1 Coscale Agent | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35226 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 4.8 MEDIUM | 7.1 HIGH |
|
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.
|
|||||
| CVE-2020-35197 | 1 Docker | 1 Memcached Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35196 | 1 Docker | 1 Rabbitmq Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35195 | 1 Docker | 1 Haproxy Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35193 | 1 Sonarsource | 1 Sonarqube Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35192 | 1 Hashicorp | 1 Vault | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35191 | 1 Drupal | 1 Drupal Docker Images | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35190 | 1 Plone | 1 Plone | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35189 | 1 Kong | 1 Kong Alpine Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35187 | 1 Influxdata | 1 Telegraf | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35186 | 1 Docker | 1 Adminer | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35185 | 1 Docker | 1 Ghost Alpine Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-35184 | 1 Docker | 1 Composer Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
|
|||||
| CVE-2020-2076 | 1 Sick | 1 Package Analytics | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.
|
|||||
| CVE-2020-29551 | 1 Urve | 1 Urve | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
|
An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php, _internal/pc/wake.php, _internal/error_u201409.txt, _internal/runcmd.php, _internal/getConfiguration.php, ews/autoload.php, ews/del.php, ews/mod.php, ews/sync.php, utils/backup/backup_server.php, utils/backup/restore_server.php, ...
Show More |
|||||