| 197001 | 8.1 | HIGH | Adjacent | f5 | big-iq_centralized_management | In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. | CWE-306 Missing Authentication for Critical Function | CVE-2020-5870 | 2024-11-21 14:34 | 2020-04-24 |
| 197002 | 9.1 | CRITICAL | Network | f5 | big-iq_centralized_management | In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secured by TLS and may allow on-path attackers to read / modify confidential data in transit. | CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel | CVE-2020-5869 | 2024-11-21 14:34 | 2020-04-24 |
| 197003 | 9.8 | CRITICAL | Network | f5 | big-iq_centralized_management | In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. | CWE-78 OS Command | CVE-2020-5868 | 2024-11-21 14:34 | 2020-04-24 |
| 197004 | 8.1 | HIGH | Network | f5, netapp | nginx_controller, cloud_backup | In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages. | CWE-319 Cleartext Transmission of Sensitive Information; CWE-494 Download of Code Without Integrity Check | CVE-2020-5867 | 2024-11-21 14:34 | 2020-04-24 |
| 197005 | 5.5 | MEDIUM | Local | f5 | nginx_controller | In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments. | CWE-200 Information Exposure | CVE-2020-5866 | 2024-11-21 14:34 | 2020-04-24 |
| 197006 | 4.8 | MEDIUM | Network | f5, netapp | nginx_controller, cloud_backup | In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via … | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2020-5865 | 2024-11-21 14:34 | 2020-04-24 |
| 197007 | 7.4 | HIGH | Network | f5 | nginx_controller | In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skips TLS verification by default. | CWE-295 Improper Certificate Validation | CVE-2020-5864 | 2024-11-21 14:34 | 2020-04-24 |
| 197008 | 7.5 | HIGH | Network | sharp | aquos_sh-m02_firmware aquos_sh-rm02_firmware aquos_mini_sh-m03_firmware aquos_l2_firmware aquos_sense_lite_sh-m05_firmware aquos_sense_firmware aquos_compact_sh-m06_firmware aquo… | SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build num… | CWE-200 Information Exposure | CVE-2020-5571 | 2024-11-21 14:34 | 2020-04-23 |
| 197009 | 7.8 | HIGH | Local | plex | media_server | Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. | CWE-427 Uncontrolled Search Path Element | CVE-2020-5740 | 2024-11-21 14:34 | 2020-04-23 |
| 197010 | 8.4 | HIGH | Local | toshiba | password_tool_for_windows | An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO… | CWE-428 Unquoted Search Path or Element | CVE-2020-5569 | 2024-11-21 14:34 | 2020-04-20 |