Total: 1344 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-27985 | 1 Securityonionsolutions | 1 Security Onion | 2024-11-21 | 7.8 High |
Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup. | ||||
CVE-2020-27902 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 4.6 Medium |
An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication. | ||||
CVE-2020-27376 | 1 Drtrustusa | 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware | 2024-11-21 | 8.8 High |
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication. | ||||
CVE-2020-27285 | 1 Redlion | 1 Crimson | 2024-11-21 | 9.1 Critical |
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication. | ||||
CVE-2020-27225 | 2 Eclipse, Redhat | 2 Platform, Devtools | 2024-11-21 | 7.8 High |
In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | ||||
CVE-2020-27019 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2024-11-21 | 5.5 Medium |
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. | ||||
CVE-2020-26876 | 1 Wpcoursesplugin | 1 Wp-courses | 2024-11-21 | 7.5 High |
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types (e.g., /wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist). | ||||
CVE-2020-26829 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 10.0 Critical |
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely. | ||||
CVE-2020-26824 | 1 Sap | 1 Solution Manager | 2024-11-21 | 10.0 Critical |
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service. | ||||
CVE-2020-26823 | 1 Sap | 1 Solution Manager | 2024-11-21 | 10.0 Critical |
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service. | ||||
CVE-2020-26822 | 1 Sap | 1 Solution Manager | 2024-11-21 | 10.0 Critical |
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service. | ||||
CVE-2020-26821 | 1 Sap | 1 Solution Manager | 2024-11-21 | 10.0 Critical |
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service. | ||||
CVE-2020-26649 | 1 Atomx | 1 Atomxcms 2 | 2024-11-21 | 8.1 High |
AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php | ||||
CVE-2020-26599 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020). | ||||
CVE-2020-26567 | 1 Dlink | 2 Dsr-250n, Dsr-250n Firmware | 2024-11-21 | 5.5 Medium |
An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes. | ||||
CVE-2020-26192 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.8 High |
Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default. | ||||
CVE-2020-26173 | 1 Tangro | 1 Business Workflow | 2024-11-21 | 3.1 Low |
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required. | ||||
CVE-2020-26061 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 7.5 High |
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user. | ||||
CVE-2020-25966 | 1 Sectona | 1 Spectra | 2024-11-21 | 7.5 High |
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system." | ||||
CVE-2020-25824 | 1 Telegram | 1 Telegram Desktop | 2024-11-21 | 2.4 Low |
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files. | ||||