997 matches found
CVE-2021-27172
An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh...
FiberHome HG6245D devices Trust Management Issue Vulnerability
The HG6245D is an FTTH ONT router from FiberHome. The FiberHome HG6245D is vulnerable to a hard-coded GEPON password vulnerability. The vulnerability stems from a hardcoded GEPON password defined in /etc/init.d/system-config.sh. No detailed vulnerability details are provided at this time...
CVE-2020-6776
A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery)...
Cross-site request forgery (CSRF)
A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery)...
Apache Accumulo Access Control Error Vulnerability
Apache Accumulo is a reliable, scalable, high-performance sorted distributed Key-Value storage application from the Apache Foundation. An access control error vulnerability exists in Apache Accumulo versions 1.5.0 through 1.10.0 and 2.0.0 due to an authenticated user failing to properly check the...
CVE-2020-29480
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest...
Design/Logic Flaw
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest...
CVE-2020-29480
Xen CVE-2020-29480 affects Xen up to 4.14.x. Xenstore watches lack permission checks, enabling a guest administrator to observe root xenstore notifications for all created, modified, and deleted keys and domain lifecycle events. The watch data may reveal counts/identities of other VMs, domains, d...
D-Link DSR Devices Default Credentials (HTTP)
The remote D-Link DSR device is using known default credentials for the HTTP login. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
DEBIAN-CVE-2020-29600
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...
SAP Data Intelligence Information Disclosure Vulnerability
SAP Data Intelligence is an all-encompassing data management solution from SAP. The solution transforms distributed data sprawl into critical data insights that deliver innovation at scale. An information disclosure vulnerability exists in SAP Data Intelligence version 3.0. An attacker could...
The vulnerability of the software-defined Cisco SD-WAN web interface, related to access control deficiencies, allows a hacker to alter the system configuration.
The vulnerability of the software-defined networking web interface of Cisco SD-WAN is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to alter the system configuration remotely...
CVE-2020-26809
SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint, hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...
CVE-2020-26809
SAP Commerce Cloud (versions 1808, 1811, 1905, 2005) is affected by CVE-2020-26809 where an attacker can bypass authentication/permission checks via the /medias endpoint, gaining access to Secure Media folders and potentially exposing sensitive data. The root cause is not fully detailed beyond th...
CVE-2020-3588 Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability
A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment...
ZeroShell Default Credentials (SSH)
The remote ZeroShell system is using known default credentials for the SSH login.
Information disclosure
Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure...
CVE-2020-9245
The CVE-2020-9245 entry concerns Huawei P30 and P30 Pro smartphones (versions affected prior to 10.1.0.160) with a denial-of-service vulnerability caused by improper authorization. The issue can be triggered by tricking a user into installing and running a malicious app, potentially causing a DoS...