Search Results (3294 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9349 | 1 Cacagoo | 2 Tv-288zd-2mp, Tv-288zd-2mp Firmware | 2024-11-21 | 7.5 High |
| The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password. | ||||
| CVE-2020-9330 | 1 Xerox | 36 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 33 more | 2024-11-21 | 8.8 High |
| Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge of the LDAP bind credentials. After changing the LDAP connection IP address, subsequent authentication attempts will result in the printer sending plaintext LDAP (Active Directory) credentials to the actor. Although the credentials may belong to a non-privileged user, organizations frequently use privileged service accounts to bind to Active Directory. The attacker gains a foothold on the Active Directory domain at a minimum, and may use the credentials to take over control of the Active Directory domain. This affects 3655*, 3655i*, 58XX*, 58XXi*, 59XX*, 59XXi*, 6655**, 6655i**, 72XX*, 72XXi*, 78XX**, 78XXi**, 7970**, 7970i**, EC7836**, and EC7856** devices. | ||||
| CVE-2020-9325 | 1 Aquaforest | 1 Tiff Server | 2024-11-21 | 7.5 High |
| Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download. | ||||
| CVE-2020-9315 | 1 Oracle | 1 Iplanet Web Server | 2024-11-21 | 7.5 High |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. | ||||
| CVE-2020-9278 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2024-11-21 | 9.1 Critical |
| An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL. | ||||
| CVE-2020-9275 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials. | ||||
| CVE-2020-9208 | 1 Huawei | 1 Imanager Neteco 6000 | 2024-11-21 | 6.5 Medium |
| There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module lacks authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to an information leak. | ||||
| CVE-2020-9143 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.3 Medium |
| There is a missing authentication vulnerability in some Huawei smartphones. Successful exploitation of this vulnerability may lead to low-sensitive information exposure. | ||||
| CVE-2020-9062 | 1 Dieboldnixdorf | 2 Probase, Procash 2100xe | 2024-11-21 | 5.3 Medium |
| Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited. | ||||
| CVE-2020-9004 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 8.8 High |
| A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges. This issue was resolved in Wowza Streaming Engine 4.8.5. | ||||
| CVE-2020-8863 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470. | ||||
| CVE-2020-8861 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554. | ||||
| CVE-2020-8827 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 7.5 High |
| As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. | ||||
| CVE-2020-8790 | 1 Oklok Project | 1 Oklok | 2024-11-21 | 9.8 Critical |
| The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack. | ||||
| CVE-2020-8636 | 1 Opservices | 1 Opmon | 2024-11-21 | 9.8 Critical |
| An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution. | ||||
| CVE-2020-8598 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 9.8 Critical |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | ||||
| CVE-2020-8558 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 5.4 Medium |
| The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. | ||||
| CVE-2020-8509 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 High |
| Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | ||||
| CVE-2020-8497 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 5.3 Medium |
| In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. | ||||
| CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2024-11-21 | 5.3 Medium |
| A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled number of times. | ||||