|
209291
|
6.8 |
MEDIUM
Physical
|
winstonprivacy
|
winston_firmware
|
Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.
|
CWE-284
Improper Access Control
|
CVE-2020-16261
|
2024-11-21 14:07 |
2020-10-29 |
|
209292
|
7.5 |
HIGH
Network
|
winstonprivacy
|
winston_firmware
|
Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.
|
CWE-862
Missing Authorization
|
CVE-2020-16260
|
2024-11-21 14:07 |
2020-10-29 |
|
209293
|
9.8 |
CRITICAL
Network
|
winstonprivacy
|
winston_firmware
|
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.
|
NVD-CWE-noinfo
|
CVE-2020-16259
|
2024-11-21 14:07 |
2020-10-29 |
|
209294
|
7.1 |
HIGH
Local
|
winstonprivacy
|
winston_firmware
|
Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-16258
|
2024-11-21 14:07 |
2020-10-29 |
|
209295
|
8.8 |
HIGH
Network
|
winstonprivacy
|
winston_firmware
|
The API on Winston 1.5.4 devices is vulnerable to CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2020-16256
|
2024-11-21 14:07 |
2020-10-29 |
|
209296
|
9.8 |
CRITICAL
Network
|
winstonprivacy
|
winston_firmware
|
Winston 1.5.4 devices are vulnerable to command injection via the API.
|
CWE-78
OS Command
|
CVE-2020-16257
|
2024-11-21 14:07 |
2020-10-29 |
|
209297
|
7.5 |
HIGH
Network
|
arista
|
eos
|
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DH…
|
NVD-CWE-noinfo
|
CVE-2020-17355
|
2024-11-21 14:07 |
2020-10-22 |
|
209298
|
7.3 |
HIGH
Local
|
ghisler
|
total_commander
|
An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIV…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-17381
|
2024-11-21 14:07 |
2020-10-22 |
|
209299
|
6.1 |
MEDIUM
Network
|
ge
|
s2020_firmware s2024_firmware
|
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious Java…
|
-
|
CVE-2020-16246
|
2024-11-21 14:07 |
2020-10-21 |
|
209300
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10
|
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbi…
|
NVD-CWE-noinfo
|
CVE-2020-17022
|
2024-11-21 14:07 |
2020-10-17 |
|