Total: 801 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35195 | 1 Docker | 1 Haproxy Docker Image | 2020-12-21 | 10.0 HIGH | 9.8 CRITICAL |
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35193 | 1 Sonarsource | 1 Sonarqube Docker Image | 2020-12-21 | 10.0 HIGH | 9.8 CRITICAL |
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35185 | 1 Docker | 1 Ghost Alpine Docker Image | 2020-12-18 | 10.0 HIGH | 9.8 CRITICAL |
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35189 | 1 Kong | 1 Kong Alpine Docker Image | 2020-12-18 | 10.0 HIGH | 9.8 CRITICAL |
The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35190 | 1 Plone | 1 Plone | 2020-12-18 | 10.0 HIGH | 9.8 CRITICAL |
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35191 | 1 Drupal | 1 Drupal Docker Images | 2020-12-18 | 10.0 HIGH | 9.8 CRITICAL |
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35192 | 1 Hashicorp | 1 Vault | 2020-12-18 | 10.0 HIGH | 9.8 CRITICAL |
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35467 | 1 Docker | 1 Docs | 2020-12-18 | 10.0 HIGH | 9.8 CRITICAL |
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35468 | 1 Appbase | 1 Streams | 2020-12-17 | 10.0 HIGH | 9.8 CRITICAL |
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35469 | 1 Softwareag | 1 Terracotta Server Oss | 2020-12-17 | 10.0 HIGH | 9.8 CRITICAL |
The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35466 | 1 Blackfire | 1 Blackfire | 2020-12-17 | 10.0 HIGH | 9.8 CRITICAL |
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35465 | 1 Fullarmor | 1 Hapi File Share Mount | 2020-12-17 | 10.0 HIGH | 9.8 CRITICAL |
The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the FullArmor HAPI File Share Mount container may allow the remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35464 | 1 Weave | 1 Cloud Agent | 2020-12-17 | 10.0 HIGH | 9.8 CRITICAL |
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35462 | 1 Coscale Agent Project | 1 Coscale Agent | 2020-12-17 | 10.0 HIGH | 9.8 CRITICAL |
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35186 | 1 Docker | 1 Adminer | 2020-12-17 | 10.0 HIGH | 9.8 CRITICAL |
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35187 | 1 Influxdata | 1 Telegraf | 2020-12-17 | 10.0 HIGH | 9.8 CRITICAL |
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-35463 | 1 Instana | 1 Dynamic Apm | 2020-12-17 | 10.0 HIGH | 9.8 CRITICAL |
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password. | |||||
CVE-2020-25228 | 1 Siemens | 2 Logo! 8 Bm, Logo! 8 Bm Firmware | 2020-12-16 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port. | |||||
CVE-2020-7540 | 1 Schneider-electric | 46 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 43 more | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests. | |||||
CVE-2020-3531 | 1 Cisco | 1 Iot Field Network Director | 2020-12-02 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information. |