Total
376 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-16235 | 1 Emerson | 1 Openenterprise Scada Server | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. | |||||
| CVE-2020-15387 | 1 Broadcom | 2 Brocade Sannav, Fabric Operating System | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. | |||||
| CVE-2020-14481 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. | |||||
| CVE-2020-13785 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. | |||||
| CVE-2020-12872 | 1 Yaws | 1 Yaws | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0. | |||||
| CVE-2020-12714 | 1 Ciphermail | 2 Gateway, Webmail Messenger | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtual Appliances 1.1.1 through 3.1.1-0. A Diffie-Hellman parameter of insufficient size could allow man-in-the-middle compromise of communications between CipherMail products and external SMTP clients. | |||||
| CVE-2020-10919 | 1 Automationdirect | 13 C-more Hmi Ea9 Firmware, Ea9-pgmsw, Ea9-rhmi and 10 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185. | |||||
| CVE-2020-10866 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC. | |||||
| CVE-2020-10636 | 1 Emerson | 1 Openenterprise Scada Server | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | |||||
| CVE-2020-10554 | 1 Psyprax | 1 Psyprax | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM. | |||||
| CVE-2020-10375 | 1 Newmediacompany | 1 Smarty | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product. | |||||
| CVE-2020-10275 | 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots | 20 Er-flex, Er-flex Firmware, Er-lite and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An unauthorized attacker inside the network can use the default credentials to compute the token and interact with the REST API to exfiltrate, infiltrate or delete data. | |||||
| CVE-2020-10244 | 1 Jpaseto Project | 1 Jpaseto | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. | |||||
| CVE-2020-10125 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2024-11-21 | 4.6 MEDIUM | 7.6 HIGH |
| NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code. | |||||
| CVE-2020-0533 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | |||||
| CVE-2019-7648 | 1 Hotels Server Project | 1 Hotels Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage. | |||||
| CVE-2019-6972 | 1 Tp-link | 2 Tl-wr1043nd, Tl-wr1043nd Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is cleartext, and the password is hashed with the MD5 algorithm (after decoding of the URL encoded string with base64). | |||||
| CVE-2019-4557 | 1 Ibm | 1 Qradar Advisor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 166206. | |||||
| CVE-2019-4339 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418. | |||||
| CVE-2019-4291 | 1 Ibm | 1 Maximo Anywhere | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ID: 160697. | |||||