| 209411 | 6.5 | MEDIUM Network | hcltechsw | onetest_performance | HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID. | CWE-613 Insufficient Session Expiration | CVE-2020-14247 | 2024-11-21 14:02 | 2021-02-4 |
| 209412 | 7.5 | HIGH Network | hcltechsw | onetest_performance | HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials. | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2020-14246 | 2024-11-21 14:02 | 2021-02-4 |
| 209413 | 9.8 | CRITICAL Network | hcltechsw | onetest_performance | HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources. | CWE-306 Missing Authentication for Critical Function | CVE-2020-14245 | 2024-11-21 14:02 | 2021-02-4 |
| 209414 | 7.5 | HIGH Network | hcltech | digital_experience | HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditio… | NVD-CWE-noinfo | CVE-2020-14255 | 2024-11-21 14:02 | 2021-02-3 |
| 209415 | 4.9 | MEDIUM Network | hcltech | digital_experience | HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users. | NVD-CWE-noinfo | CVE-2020-14221 | 2024-11-21 14:02 | 2021-02-3 |
| 209416 | 4.3 | MEDIUM Network | atlassian | crucible fisheye | Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. … | CWE-200 Information Exposure | CVE-2020-14192 | 2024-11-21 14:02 | 2021-02-2 |
| 209417 | 7.5 | HIGH Network | mofinetwork | mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password. | CWE-330 Use of Insufficiently Random Values | CVE-2020-13860 | 2024-11-21 14:02 | 2021-02-1 |
| 209418 | 9.8 | CRITICAL Network | mofinetwork | mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the… | CWE-287 Improper Authentication; CWE-755 Improper Handling of Exceptional Conditions | CVE-2020-13859 | 2024-11-21 14:02 | 2021-02-1 |
| 209419 | 9.8 | CRITICAL Network | mofinetwork | mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passw… | CWE-798 Use of Hard-coded Credentials | CVE-2020-13858 | 2024-11-21 14:02 | 2021-02-1 |
| 209420 | 7.5 | HIGH Network | mofinetwork | mofi4500-4gxelte_firmware | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request. | NVD-CWE-noinfo | CVE-2020-13857 | 2024-11-21 14:02 | 2021-02-1 |