Total
1396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35190 | 1 Plone | 1 Plone | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35189 | 1 Kong | 1 Kong Alpine Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35187 | 1 Influxdata | 1 Telegraf | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35186 | 1 Docker | 1 Adminer | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35185 | 1 Docker | 1 Ghost Alpine Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35184 | 1 Docker | 1 Composer Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-29551 | 1 Urve | 1 Urve | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
| An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php, _internal/pc/wake.php, _internal/error_u201409.txt, _internal/runcmd.php, _internal/getConfiguration.php, ews/autoload.php, ews/del.php, ews/mod.php, ews/sync.php, utils/backup/backup_server.php, utils/backup/restore_server.php, MyScreens/timeline.config, kreator.html5/test.php, and addedlogs.txt. | |||||
| CVE-2020-29389 | 1 Docker | 1 Crux Linux Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password. | |||||
| CVE-2020-28899 | 1 Zyxel | 6 Lte4506-m606, Lte4506-m606 Firmware, Lte7460-m608 and 3 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network. | |||||
| CVE-2020-27376 | 1 Drtrustusa | 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication. | |||||
| CVE-2020-27285 | 1 Redlion | 1 Crimson | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication. | |||||
| CVE-2020-27272 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
| SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE. | |||||
| CVE-2020-27225 | 1 Eclipse | 1 Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | |||||
| CVE-2020-26567 | 1 Dlink | 2 Dsr-250n, Dsr-250n Firmware | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes. | |||||
| CVE-2020-26192 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default. | |||||
| CVE-2020-25966 | 1 Sectona | 1 Spectra | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system." | |||||
| CVE-2020-25697 | 1 X.org | 1 X Server | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to. | |||||
| CVE-2020-25634 | 1 Redhat | 2 3scale, 3scale Api Management | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected. | |||||
| CVE-2020-25566 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64(desired password). | |||||
| CVE-2020-25563 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID. | |||||