Total
3555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9070 | 1 Huawei | 2 Taurus-al00b, Taurus-al00b Firmware | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to exploit this vulnerability. Successful exploit may cause some information disclosure. | |||||
| CVE-2020-9068 | 1 Huawei | 2 Ar3200, Ar3200 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. | |||||
| CVE-2020-9066 | 1 Huawei | 2 Oxfordp-an10b, Oxfordp-an10b Firmware | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. | |||||
| CVE-2020-9064 | 1 Huawei | 2 Honor V30, Honor V30 Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. | |||||
| CVE-2020-9049 | 1 Johnsoncontrols | 2 C-cure Web, Victor Web | 2024-11-21 | 5.7 MEDIUM | 7.1 HIGH |
| A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack. | |||||
| CVE-2020-8994 | 1 Mi | 2 Mdz-25-dt, Mdz-25-dt Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, eavesdrop on users and record what XIAOMI AI speaker hears, delete the entire XIAOMI AI speaker system, modify system files, stop voice assistant service, start the XIAOMI AI speaker’s SSH service as a backdoor | |||||
| CVE-2020-8953 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication). | |||||
| CVE-2020-8863 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470. | |||||
| CVE-2020-8862 | 1 Dlink | 2 Dap-2610, Dap-2610 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082. | |||||
| CVE-2020-8861 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554. | |||||
| CVE-2020-8828 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere. | |||||
| CVE-2020-8771 | 1 Wptimecapsule | 1 Wp Time Capsule | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. | |||||
| CVE-2020-8714 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8713 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2020-8709 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2020-8708 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2020-8685 | 1 Intel | 1 Led Manager For Nuc | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Improper authentication in subsystem for Intel (R) LED Manager for NUC before version 1.2.3 may allow privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-8664 | 1 Cncf | 1 Envoy | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump. | |||||
| CVE-2020-8606 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. | |||||
| CVE-2020-8595 | 2 Istio, Redhat | 3 Istio, Enterprise Linux, Openshift Service Mesh | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. | |||||