Total: 2926 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-1838 | 1 Huawei | 2 Mate 30 Pro, Mate 30 Pro Firmware | 2020-07-09 | 1.9 LOW | 5.5 MEDIUM |
HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authentication vulnerability. The device does not sufficiently validate a certain credential of the user's face; an attacker could craft the credential of the user, and a successful exploit could allow the attacker to pass authentication with the crafted credential. | |||||
CVE-2017-6967 | 1 Neutrinolabs | 1 Xrdp | 2020-07-08 | 7.5 HIGH | 7.3 HIGH |
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. | |||||
CVE-2020-10278 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2020-07-06 | 5.0 MEDIUM | 4.6 MEDIUM |
The BIOS onboard MiR's Computer is not protected by a password and therefore allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image. | |||||
CVE-2018-10683 | 1 Redhat | 1 Wildfly | 2020-06-30 | 7.5 HIGH | 9.8 CRITICAL |
** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admin Guide indicates that "without a security realm reference" implies "effectively unsecured." The vendor explicitly supports these unsecured configurations because they have valid use cases during development. | |||||
CVE-2017-18906 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.9 MEDIUM | 8.1 HIGH |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account. | |||||
CVE-2018-21246 | 1 Caddyserver | 1 Caddy | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. | |||||
CVE-2016-11072 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 6.4 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. | |||||
CVE-2016-11074 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. | |||||
CVE-2017-18919 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. | |||||
CVE-2018-21263 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. | |||||
CVE-2017-18908 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address. | |||||
CVE-2020-14455 | 1 Mattermost | 1 Mattermost Desktop | 2020-06-25 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. | |||||
CVE-2020-3361 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2020-06-24 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site. | |||||
CVE-2020-2018 | 1 Paloaltonetworks | 1 Pan-os | 2020-06-23 | 9.3 HIGH | 9.0 CRITICAL |
An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue does not affect Panorama configured with custom certificates authentication for communication between Panorama and managed devices. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. | |||||
CVE-2020-9076 | 1 Huawei | 6 P30, P30 Firmware, P30 Pro and 3 more | 2020-06-20 | 4.0 MEDIUM | 6.8 MEDIUM |
HUAWEI P30; HUAWEI P30 Pro; Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Because the identity of the message sender is not properly verified, an attacker can exploit this vulnerability through a man-in-the-middle attack to induce the user to access a malicious URL. | |||||
CVE-2020-9099 | 1 Huawei | 18 Ips Module, Ips Module Firmware, Ngfw Module and 15 more | 2020-06-11 | 7.5 HIGH | 9.8 CRITICAL |
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. A successful exploit may allow the attacker to obtain certain permissions on the device. | |||||
CVE-2020-3216 | 1 Cisco | 1 Ios Xe Sd-wan | 2020-06-10 | 7.2 HIGH | 6.8 MEDIUM |
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device. | |||||
CVE-2018-21235 | 1 Foxitsoftware | 1 E-mail Advertising System | 2020-06-09 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer. | |||||
CVE-2013-5119 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 6.8 MEDIUM | N/A |
Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token. | |||||
CVE-2020-1833 | 1 Huawei | 2 Honor 9x, Honor 9x Firmware | 2020-06-01 | 2.1 LOW | 2.4 LOW |
Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. A logic error occurs when handling the clock function; an attacker would need to perform a series of crafted operations quickly before the phone is unlocked, and a successful exploit could allow the attacker to access clock information without unlocking the phone. |