|
210781
|
7.5 |
HIGH
Network
|
grundfos
|
cim_500_firmware
|
Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10605
|
2024-11-21 13:55 |
2020-07-18 |
|
|
|
|
210782
|
9.8 |
CRITICAL
Network
|
abb
|
robotware
|
IRC5 exposes an FTP server (port 21). Upon attempting to gain access you are challenged with a request for a username and password; however, you can input whatever you like. As long as the field isn't em…
|
CWE-287
Improper Authentication
|
CVE-2020-10288
|
2024-11-21 13:55 |
2020-07-16 |
|
|
|
|
210783
|
8.8 |
HIGH
Adjacent
|
ufactory
|
xarm_5_lite_firmware xarm_6_firmware xarm_7_firmware
|
The main user account has restricted privileges but is in the sudoers group, and there is no mechanism in place to prevent sudo su or sudo -i from being run, gaining unrestricted access to sensitive fil…
|
CWE-269
Improper Privilege Management
|
CVE-2020-10286
|
2024-11-21 13:55 |
2020-07-16 |
|
|
|
|
210784
|
9.8 |
CRITICAL
Network
|
ufactory
|
xarm_5_lite_firmware
|
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lock out automated attempts t…
|
CWE-331
Insufficient Entropy
|
CVE-2020-10285
|
2024-11-21 13:55 |
2020-07-16 |
|
|
|
|
210785
|
9.8 |
CRITICAL
Network
|
abb
|
irb140_firmware irc5_firmware
|
The IRC5 family with UAS service enabled comes by default with credentials that can be found in publicly available manuals. ABB considers this a well-documented functionality that helps customers set …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-10287
|
2024-11-21 13:55 |
2020-07-16 |
|
|
|
|
210786
|
9.1 |
CRITICAL
Network
|
ufactory
|
xarm_studio
|
No authentication is required to control the robot inside the network; moreover, the latest available user manual shows an option that lets the user add a password to the robot, but as in xarm_studio …
|
NVD-CWE-noinfo
|
CVE-2020-10284
|
2024-11-21 13:55 |
2020-07-16 |
|
|
|
|
210787
|
7.5 |
HIGH
Network
|
samba fedoraproject opensuse debian
|
samba fedora leap debian_linux
|
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBIOS over TCP/IP. This flaw allows a remote attacker to cause the Samba server…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-10745
|
2024-11-21 13:55 |
2020-07-07 |
|
|
|
|
210788
|
6.5 |
MEDIUM
Network
|
samba redhat opensuse fedoraproject debian
|
samba storage leap fedora debian_linux
|
A NULL pointer dereference, or possible use-after-free flaw, was found in the Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped wit…
|
CWE-476 CWE-416
NULL Pointer Dereference Use After Free
|
CVE-2020-10730
|
2024-11-21 13:55 |
2020-07-07 |
|
|
|
|
210789
|
9.8 |
CRITICAL
Network
|
dronecode
|
micro_air_vehicle_link
|
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism in its version 1.0 (nor authorization), which leads to a variety of attacks including identity spoofing, unauthorize…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10282
|
2024-11-21 13:55 |
2020-07-04 |
|
|
|
|
210790
|
7.5 |
HIGH
Network
|
dronecode
|
micro_air_vehicle_link
|
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MA…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-10281
|
2024-11-21 13:55 |
2020-07-04 |
|
|
|