|
210511
|
7.5 |
HIGH
Network
|
dovecot
debian
fedoraproject
|
dovecot
debian_linux
fedora
|
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
|
CWE-20
Improper Input Validation
|
CVE-2020-25275
|
2024-11-21 14:17 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210512
|
8.8 |
HIGH
Network
|
moxa
|
nport_iaw5000a-i\/o_firmware
|
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a sessio…
|
CWE-384
Session Fixation
|
CVE-2020-25198
|
2024-11-21 14:17 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210513
|
9.8 |
CRITICAL
Network
|
moxa
|
nport_iaw5000a-i\/o_firmware
|
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-25196
|
2024-11-21 14:17 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210514
|
8.8 |
HIGH
Network
|
moxa
|
nport_iaw5000a-i\/o_firmware
|
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administ…
|
CWE-269
Improper Privilege Management
|
CVE-2020-25194
|
2024-11-21 14:17 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210515
|
5.3 |
MEDIUM
Network
|
moxa
|
nport_iaw5000a-i\/o_firmware
|
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.
|
CWE-200
Information Exposure
|
CVE-2020-25192
|
2024-11-21 14:17 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210516
|
9.8 |
CRITICAL
Network
|
moxa
|
nport_iaw5000a-i\/o_firmware
|
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-25190
|
2024-11-21 14:17 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210517
|
7.5 |
HIGH
Network
|
moxa
|
nport_iaw5000a-i\/o_firmware
|
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
|
CWE-521
Weak Password Requirements
|
CVE-2020-25153
|
2024-11-21 14:17 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210518
|
9.8 |
CRITICAL
Network
|
treck
|
tcp\/ip
|
A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-25066
|
2024-11-21 14:17 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210519
|
7.8 |
HIGH
Local
|
supremocontrol
|
supremo
|
Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename.
|
CWE-269
Improper Privilege Management
|
CVE-2020-25106
|
2024-11-21 14:17 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210520
|
8.8 |
HIGH
Network
|
logrhythm
|
platform_manager
|
LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact …
|
NVD-CWE-Other
|
CVE-2020-25096
|
2024-11-21 14:17 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
