|
209811
|
9.8 |
CRITICAL
Network
|
barco
|
wepresent_wipg-1600w_firmware
|
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verif…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-28332
|
2024-11-21 14:22 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209812
|
6.5 |
MEDIUM
Network
|
barco
|
wepresent_wipg-1600w_firmware
|
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) c…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-28330
|
2024-11-21 14:22 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209813
|
7.5 |
HIGH
Network
|
barco
|
wepresent_wipg-1600w_firmware
|
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the …
|
NVD-CWE-Other
|
CVE-2020-28331
|
2024-11-21 14:22 |
2020-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209814
|
6.5 |
MEDIUM
Network
|
hashicorp
|
nomad
|
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, an…
|
CWE-22
Path Traversal
|
CVE-2020-28348
|
2024-11-21 14:22 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209815
|
9.8 |
CRITICAL
Network
|
private-ip_project
|
private-ip
|
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN rese…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-28360
|
2024-11-21 14:22 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209816
|
7.8 |
HIGH
Local
|
broadcom
|
unified_infrastructure_management
|
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-28421
|
2024-11-21 14:22 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209817
|
6.5 |
MEDIUM
Network
|
hashicorp
|
consul
|
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
|
CWE-863
Incorrect Authorization
|
CVE-2020-28053
|
2024-11-21 14:22 |
2020-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209818
|
7.8 |
HIGH
Local
|
securityonionsolutions
|
security_onion
|
Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-27985
|
2024-11-21 14:22 |
2020-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209819
|
8.8 |
HIGH
Network
|
schneider-electric
|
ecostruxure_control_expert
|
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution…
|
-
|
CVE-2020-28213
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209820
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
ecostruxure_control_expert
|
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized …
|
-
|
CVE-2020-28212
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
