Total
1111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27986 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it." | |||||
| CVE-2020-27888 | 1 Ui | 4 Unifi Controller, Unifi Controller Firmware, Unifi Meshing Access Point and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access. | |||||
| CVE-2020-27839 | 1 Redhat | 1 Ceph | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2020-27831 | 1 Redhat | 1 Quay | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications. | |||||
| CVE-2020-27781 | 2 Fedoraproject, Redhat | 5 Fedora, Ceph, Ceph Storage and 2 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0. | |||||
| CVE-2020-27747 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
| An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account. | |||||
| CVE-2020-27688 | 1 Robware | 1 Rvtools | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances. | |||||
| CVE-2020-27646 | 1 Biscom | 1 Secure File Transfer | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. | |||||
| CVE-2020-27555 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. | |||||
| CVE-2020-27413 | 1 Mahadiscom | 1 Mahavitaran | 2024-11-21 | 1.9 LOW | 4.2 MEDIUM |
| An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application. | |||||
| CVE-2020-27270 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
| SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE). | |||||
| CVE-2020-27258 | 1 Sooil | 4 Anydana-a, Anydana-i, Dana Diabecare Rs and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy. | |||||
| CVE-2020-26906 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26905 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26904 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26903 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26900 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 3.3 LOW | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2020-26897 | 1 Netgear | 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | |||||
| CVE-2020-26550 | 1 Aviatrix | 1 Controller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. | |||||
| CVE-2020-26515 | 1 Intland | 1 Codebeamer Application Lifecycle Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key. | |||||