|
196281
|
8.8 |
HIGH
Adjacent
|
tesla
|
solarcity_solar_monitoring_gateway
|
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user …
|
CWE-798
CWE-522
Use of Hard-coded Credentials
Insufficiently Protected Credentials
|
CVE-2020-9306
|
2024-11-21 14:40 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196282
|
6.5 |
MEDIUM
Adjacent
|
belden
|
hirschmann_hios
|
Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-9307
|
2024-11-21 14:40 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196283
|
4.9 |
MEDIUM
Network
|
huawei
|
manageone
|
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-9205
|
2024-11-21 14:40 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196284
|
6.8 |
MEDIUM
Physics
|
huawei
|
ais-bw80h-00_firmware
|
There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attack…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2020-9118
|
2024-11-21 14:40 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196285
|
5.5 |
MEDIUM
Local
|
epson
|
iprojection
|
In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from I…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-9453
|
2024-11-21 14:40 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196286
|
5.4 |
MEDIUM
Network
|
squaredup
|
squaredup
|
SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9390
|
2024-11-21 14:40 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196287
|
3.7 |
LOW
Network
|
squaredup
|
squaredup
|
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a dif…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-9389
|
2024-11-21 14:40 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196288
|
6.5 |
MEDIUM
Network
|
squaredup
|
squaredup
|
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page…
|
CWE-352
Origin Validation Error
|
CVE-2020-9388
|
2024-11-21 14:40 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196289
|
8.8 |
HIGH
Network
|
apache
oracle
|
hadoop
solr
financial_services_crime_and_compliance_management_studio
|
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
|
CWE-863
Incorrect Authorization
|
CVE-2020-9492
|
2024-11-21 14:40 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196290
|
6.7 |
MEDIUM
Local
|
huawei
|
smc2.0_firmware
|
There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this v…
|
CWE-862
Missing Authorization
|
CVE-2020-9209
|
2024-11-21 14:40 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
