|
212061
|
8.8 |
HIGH
Network
|
advantech
|
webaccess\/nms
|
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
|
CWE-78
OS Command
|
CVE-2020-10603
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212062
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess\/nms
|
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10621
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212063
|
7.8 |
HIGH
Local
|
tencent
|
qqbrowser
|
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote u…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-10551
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212064
|
6.8 |
MEDIUM
Physics
|
mi
|
xiaomi_xiaoai_speaker_pro_lx06_firmware
|
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogu…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10263
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212065
|
6.8 |
MEDIUM
Physics
|
mi
|
xiaomi_xiaoai_speaker_pro_lx06_firmware
|
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on th…
|
NVD-CWE-noinfo
|
CVE-2020-10262
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212066
|
6.1 |
MEDIUM
Network
|
hms-networks
|
ewon_flexy_firmware
ewon_cosy_firmware
|
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password …
|
CWE-79
Cross-site Scripting
|
CVE-2020-10633
|
2024-11-21 13:55 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212067
|
7.5 |
HIGH
Network
|
logicaldoc
|
logicaldoc
|
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365.
|
CWE-22
Path Traversal
|
CVE-2020-10366
|
2024-11-21 13:55 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212068
|
7.5 |
HIGH
Network
|
universal-robots
|
ur_software
|
Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-10267
|
2024-11-21 13:55 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212069
|
8.1 |
HIGH
Network
|
universal-robots
|
ur\+
|
UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity c…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-10266
|
2024-11-21 13:55 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212070
|
9.4 |
CRITICAL
Network
|
universal-robots
|
ur_software
|
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10265
|
2024-11-21 13:55 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
