Total
191 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7685 | 1 Umbraco | 1 Umbraco Forms | 2024-11-21 | 5.0 MEDIUM | 5.4 MEDIUM |
| This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies. | |||||
| CVE-2020-26930 | 1 Netgear | 2 Ex7700, Ex7700 Firmware | 2024-11-21 | 5.5 MEDIUM | 3.3 LOW |
| NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. | |||||
| CVE-2020-24365 | 1 Gemteks | 4 Wrtm-127acn, Wrtm-127acn Firmware, Wrtm-127x9 and 1 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.) | |||||
| CVE-2020-16873 | 2 Google, Microsoft | 2 Chrome, Xamarin.forms | 2024-11-21 | 6.8 MEDIUM | 4.7 MEDIUM |
| <p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.</p> <p>For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.</p> <p>The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.</p> | |||||
| CVE-2020-14011 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features. | |||||
| CVE-2020-13927 | 1 Apache | 1 Airflow | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default | |||||
| CVE-2020-12732 | 1 Depstech | 2 Wifi Digital Microscope 3, Wifi Digital Microscope 3 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. | |||||
| CVE-2020-12327 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2020-10279 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks. | |||||
| CVE-2020-0416 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-155288585 | |||||
| CVE-2019-7668 | 1 Primasystems | 1 Flexair | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Prima Systems FlexAir devices have Default Credentials. | |||||
| CVE-2019-7476 | 1 Sonicwall | 1 Global Management System | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. | |||||
| CVE-2019-7252 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Linear eMerge E3-Series devices have Default Credentials. | |||||
| CVE-2019-5497 | 1 Netapp | 3 Aff A700s, Aff A700s Firmware, Clustered Data Ontap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. | |||||
| CVE-2019-5490 | 1 Netapp | 2 Clustered Data Ontap, Service Processor | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. | |||||
| CVE-2019-5367 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-4621 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883. | |||||
| CVE-2019-4169 | 1 Ibm | 6 Open Power, Power System 8335-gtc, Power System 8335-gtg and 3 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702. | |||||
| CVE-2019-3909 | 1 Identicard | 1 Premisys Id | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention. | |||||
| CVE-2019-3783 | 1 Cloudfoundry | 1 Stratos | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. | |||||