|
214031
|
6.8 |
MEDIUM
Physics
|
mi
|
xiaomi_xiaoai_speaker_pro_lx06_firmware
|
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on th…
|
NVD-CWE-noinfo
|
CVE-2020-10262
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214032
|
6.1 |
MEDIUM
Network
|
hms-networks
|
ewon_flexy_firmware
ewon_cosy_firmware
|
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password …
|
CWE-79
Cross-site Scripting
|
CVE-2020-10633
|
2024-11-21 13:55 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214033
|
7.5 |
HIGH
Network
|
logicaldoc
|
logicaldoc
|
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365.
|
CWE-22
Path Traversal
|
CVE-2020-10366
|
2024-11-21 13:55 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214034
|
7.5 |
HIGH
Network
|
universal-robots
|
ur_software
|
Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-10267
|
2024-11-21 13:55 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214035
|
8.1 |
HIGH
Network
|
universal-robots
|
ur\+
|
UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity c…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-10266
|
2024-11-21 13:55 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214036
|
9.4 |
CRITICAL
Network
|
universal-robots
|
ur_software
|
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10265
|
2024-11-21 13:55 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214037
|
8.8 |
HIGH
Adjacent
|
universal-robots
|
ur_software
|
CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10264
|
2024-11-21 13:55 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214038
|
7.8 |
HIGH
Local
|
visam
|
vbase_editor
vbase_web-remote
|
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism throu…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-10601
|
2024-11-21 13:55 |
2020-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214039
|
9.8 |
CRITICAL
Network
|
visam
|
vbase_web-remote
vbase_editor
|
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service conditio…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-10599
|
2024-11-21 13:55 |
2020-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214040
|
6.8 |
MEDIUM
Adjacent
|
eclipse
|
che
|
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access t…
|
NVD-CWE-Other
|
CVE-2020-10689
|
2024-11-21 13:55 |
2020-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
