Total
305 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15574 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. | |||||
| CVE-2020-15509 | 1 Nordicsemi | 2 Android Ble Library, Dfu Library | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). | |||||
| CVE-2020-15346 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. | |||||
| CVE-2020-15345 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. | |||||
| CVE-2020-15344 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. | |||||
| CVE-2020-15343 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. | |||||
| CVE-2020-15342 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. | |||||
| CVE-2020-15340 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | N/A | 7.5 HIGH |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. | |||||
| CVE-2020-15331 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | N/A | 9.8 CRITICAL |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | |||||
| CVE-2020-15330 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | |||||
| CVE-2020-15302 | 1 Argent | 1 Recoverymanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover. | |||||
| CVE-2020-14254 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it. | |||||
| CVE-2020-12772 | 2 Igniterealtime, Microsoft | 2 Spark, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.) | |||||
| CVE-2020-11826 | 1 Appinghouse | 1 Memono | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database. | |||||
| CVE-2020-11685 | 1 Jetbrains | 1 Goland | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. | |||||
| CVE-2020-10039 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data. | |||||
| CVE-2019-9862 | 1 Abus | 6 Secvest Wireless Alarm System Fuaa50000, Secvest Wireless Alarm System Fuaa50000 Firmware, Secvest Wireless Remote Control Fube50014 and 3 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state). | |||||
| CVE-2019-9681 | 1 Dahuasecurity | 18 Ipc-hdbw4x2x, Ipc-hdbw4x2x Firmware, Ipc-hdw1x2x and 15 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019. | |||||
| CVE-2019-6518 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. | |||||
| CVE-2019-6169 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. | |||||