Total
1228 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25563 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID. | |||||
| CVE-2020-25228 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port. | |||||
| CVE-2020-25218 | 1 Grandstream | 14 Grp2612, Grp2612 Firmware, Grp2612p and 11 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface. | |||||
| CVE-2020-25048 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020). | |||||
| CVE-2020-24580 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 5.4 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user. | |||||
| CVE-2020-24363 | 1 Tp-link | 2 Tl-wa855re, Tl-wa855re Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. | |||||
| CVE-2020-24217 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution. | |||||
| CVE-2020-24051 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user. | |||||
| CVE-2020-23648 | 1 Asus | 2 Rt-n12e, Rt-n12e Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication. | |||||
| CVE-2020-23512 | 1 Vr Cam | 2 P1, P1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication. | |||||
| CVE-2020-23448 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed. | |||||
| CVE-2020-21997 | 1 Smartwares | 2 Home Easy, Home Easy Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control. | |||||
| CVE-2020-21996 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. | |||||
| CVE-2020-21936 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication. | |||||
| CVE-2020-21934 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed. | |||||
| CVE-2020-20627 | 1 Givewp | 1 Givewp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. | |||||
| CVE-2020-20472 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site. | |||||
| CVE-2020-1955 | 1 Apache | 1 Couchdb | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue. | |||||
| CVE-2020-1813 | 1 Huawei | 2 P30, P30 Firmware | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operations. | |||||
| CVE-2020-19670 | 1 Niushop | 1 Niushop | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. | |||||