|
202991
|
9.1 |
CRITICAL
Network
|
opencrx
|
opencrx
|
CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the pass…
|
CWE-287
Improper Authentication
|
CVE-2020-7378
|
2024-11-21 14:37 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202992
|
7.2 |
HIGH
Network
|
jsen_project
|
jsen
|
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is…
|
NVD-CWE-noinfo
|
CVE-2020-7777
|
2024-11-21 14:37 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202993
|
6.6 |
MEDIUM
Network
|
netu
|
wf2429tb_firmware
|
Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users.…
|
CWE-20
Improper Input Validation
|
CVE-2020-7842
|
2024-11-21 14:37 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202994
|
6.5 |
MEDIUM
Network
|
schneider-electric
|
webreports
|
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due …
|
NVD-CWE-Other
|
CVE-2020-7573
|
2024-11-21 14:37 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202995
|
8.8 |
HIGH
Network
|
schneider-electric
|
webreports
|
A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able …
|
-
|
CVE-2020-7572
|
2024-11-21 14:37 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202996
|
5.4 |
MEDIUM
Network
|
schneider-electric
|
webreports
|
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could…
|
-
|
CVE-2020-7571
|
2024-11-21 14:37 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202997
|
5.4 |
MEDIUM
Network
|
schneider-electric
|
webreports
|
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an au…
|
-
|
CVE-2020-7570
|
2024-11-21 14:37 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202998
|
8.8 |
HIGH
Network
|
schneider-electric
|
webreports
|
A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upl…
|
-
|
CVE-2020-7569
|
2024-11-21 14:37 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202999
|
4.3 |
MEDIUM
Adjacent
|
schneider-electric
|
modicon_m221_firmware
|
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when th…
|
-
|
CVE-2020-7568
|
2024-11-21 14:37 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203000
|
5.7 |
MEDIUM
Adjacent
|
schneider-electric
|
modicon_m221_firmware
|
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captu…
|
-
|
CVE-2020-7567
|
2024-11-21 14:37 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
