Total
1228 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35756 | 1 Librewireless | 2 Ls9, Ls9 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS command. As such, any unauthenticated person with access to port 7777 on the device will be able to leak the user's personal device configuration password by issuing the GETPASS command. | |||||
| CVE-2020-35755 | 1 Librewireless | 2 Ls9, Ls9 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify. | |||||
| CVE-2020-35469 | 1 Softwareag | 1 Terracotta Server Oss | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35468 | 1 Appbase | 1 Streams | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35467 | 1 Docker | 1 Docs | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35466 | 1 Blackfire | 1 Blackfire Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35464 | 1 Weave | 1 Cloud Agent | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35463 | 1 Instana | 1 Dynamic Apm | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35462 | 1 Coscale Agent Project | 1 Coscale Agent | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35226 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 4.8 MEDIUM | 7.1 HIGH |
| NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. | |||||
| CVE-2020-35197 | 1 Docker | 1 Memcached Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35196 | 1 Docker | 1 Rabbitmq Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35195 | 1 Docker | 1 Haproxy Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35193 | 1 Sonarsource | 1 Sonarqube Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35192 | 1 Hashicorp | 1 Vault | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35191 | 1 Drupal | 1 Drupal Docker Images | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35190 | 1 Plone | 1 Plone | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35189 | 1 Kong | 1 Kong Alpine Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35187 | 1 Influxdata | 1 Telegraf | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35186 | 1 Docker | 1 Adminer | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||