
224 matches found

NVD
added 2021/03/15 10:15 p.m., 10 views

CVE-2020-27278

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface...

CVSS 5.2, EPSS 0.00051
Exploits 0, References 1

Prion
added 2021/03/15 10:15 p.m., 13 views

Information disclosure

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface's logs to get valid checksums for tampered configuration files...

CVSS 2.1, AI score 4.4, EPSS 0.00053
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/03/15 9:22 p.m., 18 views

CVE-2020-27290

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface's logs to get valid checksums for tampered configuration files...

AI score 4.3, EPSS 0.00053
Exploits 0, References 1

CNNVD
added 2021/02/16 12:00 a.m., 4 views

Hamilton-medical Hamilton-T1 Trust Management Issues Vulnerability

The Hamilton-medical Hamilton-T1 is an industrial control device from Hamilton-medical USA. It combines the functionality of a full-featured ICU ventilator with the compactness and ruggedness required for transport. A trust management issue vulnerability exists in the Hamilton-medic...

CVSS 5.2, AI score 6.1, EPSS 0.00051
Exploits 0, References 3

NVD
added 2021/02/01 2:15 a.m., 8 views

CVE-2020-13859

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to log in to the cgi-bin/luci/quick/wizard management interfac...

CVSS 9.8, AI score 9.5, EPSS 0.0034
Exploits 0, References 2

CVE
added 2021/02/01 1:27 a.m., 57 views

CVE-2020-13859

CVE-2020-13859 affects Mofi Network MOFI4500-4GXeLTE devices running 4.0.8-std. A format error in /etc/shadow plus a logic bug in the LuCI/OpenWrt configuration interface enables the undocumented user account “mofidev” to access cgi-bin/luci/quick/wizard without a password via a forgotten-passwor...

CVSS 9.8, AI score 9.3, EPSS 0.0034
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/02/01 1:27 a.m., 9 views

CVE-2020-13859

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to log in to the cgi-bin/luci/quick/wizard management interfac...

AI score 9.5, EPSS 0.0034
Exploits 0, References 2

CNNVD
added 2020/12/28 12:00 a.m., 2 views

Zammad Code Issue Vulnerability

Zammad is a Web-based open source helpdesk/customer support system. An information disclosure vulnerability exists in Zammad versions prior to 3.4.1. The vulnerability stems from the way Massenversand's implementation of the SMS configuration interface presents the results of test requests to the...

CVSS 7.5, AI score 5.8, EPSS 0.00276
Exploits 0, References 2

NVD
added 2020/11/19 5:15 p.m., 13 views

CVE-2020-6879

Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule...

CVSS 3.5, AI score 4.1, EPSS 0.00058
Exploits 0, References 1

Prion
added 2020/11/19 5:15 p.m., 15 views

Design/Logic Flaw

Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule...

CVSS 2.7, AI score 4.3, EPSS 0.00058
Exploits 0, References 1, Affected Software 2

OSV
added 2020/10/20 5:15 p.m., 3 views

CVE-2020-3982

VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x, Fusion 11.x before 11.5.6 contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative...

CVSS 7.7, AI score 7.1
Exploits 0, References 1

OpenVAS
added 2020/08/18 12:00 a.m., 7 views

Huawei Data Communication: Read current-configuration configuration interface

Get the current configurations for the interfaces of the VRP device. Note: This script only stores information for other Policy Controls. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...

AI score 6.9
Exploits 0

Debian CVE
added 2020/08/11 3:48 p.m., 17 views

CVE-2020-13124

SABnzbd 2.3.9 and 3.0.0Alpha2 have a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system...

CVSS 8.8, AI score 9.1, EPSS 0.09776
Exploits 0

CVE
added 2020/08/11 3:48 p.m., 227 views

CVE-2020-13124

SABnzbd 2.3.9 and 3.0.0Alpha2 expose a command-injection vulnerability via the web configuration interface that allows an authenticated user to execute arbitrary Python commands on the underlying OS. The provided documents identify the affected versions and vulnerability class but do not specify ...

CVSS 8.8, AI score 9, EPSS 0.09776
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2020/01/21 12:00 a.m., 54 views

Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4225-2)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4225-2 advisory. USN-4225-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10. This update provides the corresponding updates for the Linux Hardware Enablement H...

CVSS 10, AI score 7.5, EPSS 0.0467
Exploits 0, References 16

Prion
added 2020/01/16 4:15 p.m., 21 views

Design/Logic Flaw

A vulnerability has been identified in SCALANCE X204RNA HSR, SCALANCE X204RNA PRP, SCALANCE X204RNA EEC HSR, SCALANCE X204RNA EEC PRP, SCALANCE X204RNA EEC PRP/HSR, SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-...

CVSS 7.5, AI score 8.2, EPSS 0.00711
Exploits 0, References 2, Affected Software 5

CVE
added 2020/01/16 12:00 a.m., 98 views

CVE-2019-13933

CVE-2019-13933 affects Siemens SCALANCE X switches (multiple models including X-200RNA, X-300 family, XR324, XR324-4M, etc.). The root cause is an unauthenticated access vulnerability in the device web configuration interface that allows a remote attacker to bypass access-control rules by sending...

CVSS 8.6, AI score 8.1, EPSS 0.00711
Exploits 0, References 2, Affected Software 1

Ubuntu
added 2020/01/07 2:16 a.m., 252 views

USN-4226-1: Linux kernel vulnerabilities

Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. CVE-2019-10220 It was discovered that a heap-based buffer overflow existed in the...

CVSS 10, AI score 7.2, EPSS 0.0467
Exploits 1

Tenable Nessus
added 2020/01/07 12:00 a.m., 100 views

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4226-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4226-1 advisory. Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling ...

CVSS 10, AI score 7.4, EPSS 0.0467
Exploits 1, References 29

CNVD
added 2020/01/07 12:00 a.m., 2 views

USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module Cross-Site Scripting Vulnerability

USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module is a low power serial wireless WIFI module from China's USR Internet of Things Technology (USR IOT). A cross-site scripting vulnerability exists in the configuration web interface in the USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module. The...

CVSS 6.1, AI score 6.3, EPSS 0.00328
Exploits 1, References 1