Total
1396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6235 | 1 Sap | 1 Solution Manager | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication. | |||||
| CVE-2020-6186 | 1 Sap | 1 Host Agent | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. | |||||
| CVE-2020-6170 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. | |||||
| CVE-2020-5870 | 1 F5 | 1 Big-iq Centralized Management | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. | |||||
| CVE-2020-5780 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing. | |||||
| CVE-2020-5589 | 1 Sony | 22 Wf-1000x, Wf-1000x Firmware, Wf-sp700n and 19 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. | |||||
| CVE-2020-5373 | 1 Dell | 2 Emc Omimssc For Sccm, Emc Omimssc For Scvmm | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device. | |||||
| CVE-2020-5328 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. | |||||
| CVE-2020-5326 | 1 Dell | 348 Chengming 3980, Chengming 3980 Firmware, Embedded Box Pc 5000 and 345 more | 2024-11-21 | 2.1 LOW | 6.1 MEDIUM |
| Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. | |||||
| CVE-2020-4958 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209. | |||||
| CVE-2020-3977 | 1 Vmware | 1 Horizon Daas | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. | |||||
| CVE-2020-3598 | 1 Cisco | 1 Vision Dynamic Signage Director | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes. | |||||
| CVE-2020-3531 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information. | |||||
| CVE-2020-3461 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device. | |||||
| CVE-2020-3448 | 1 Cisco | 1 Cyber Vision Center | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow an attacker to impact monitoring of sensors that are managed by the software. | |||||
| CVE-2020-3402 | 1 Cisco | 1 Unified Customer Voice Portal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device. | |||||
| CVE-2020-3392 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication. | |||||
| CVE-2020-3376 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM. | |||||
| CVE-2020-3333 | 1 Cisco | 2 Application Policy Infrastructure Controller, Application Services Engine | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP request to contact an affected device. A successful exploit could allow the attacker to update event policies on the affected device. | |||||
| CVE-2020-3142 | 1 Cisco | 1 Webex Meetings Online | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3. | |||||