|
210861
|
9.8 |
CRITICAL
Network
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the …
|
CWE-287
Improper Authentication
|
CVE-2020-24675
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210862
|
8.8 |
HIGH
Network
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, exe…
|
CWE-863
Incorrect Authorization
|
CVE-2020-24674
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210863
|
9.8 |
CRITICAL
Network
|
abb
|
symphony_\+_historian
symphony_\+_operations
|
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the …
|
CWE-89
SQL Injection
|
CVE-2020-24673
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210864
|
8.0 |
HIGH
Adjacent
|
dlink
|
dsl2888a_firmware
|
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an …
|
CWE-78
OS Command
|
CVE-2020-24581
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210865
|
7.5 |
HIGH
Adjacent
|
dlink
|
dsl2888a_firmware
|
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once use…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-24580
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210866
|
8.8 |
HIGH
Adjacent
|
dlink
|
dsl2888a_firmware
|
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.
|
CWE-287
Improper Authentication
|
CVE-2020-24579
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210867
|
6.5 |
MEDIUM
Adjacent
|
dlink
|
dsl2888a_firmware
|
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and do…
|
CWE-427
CWE-732
Uncontrolled Search Path Element
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-24578
|
2024-11-21 14:15 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210868
|
3.3 |
LOW
Local
|
mitel
|
micontact_center_business
|
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization.
|
NVD-CWE-noinfo
|
CVE-2020-24693
|
2024-11-21 14:15 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210869
|
7.2 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity…
|
NVD-CWE-noinfo
|
CVE-2020-24637
|
2024-11-21 14:15 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210870
|
9.8 |
CRITICAL
Network
|
arubanetworks
|
arubaos
sd-wan
|
An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor control…
|
CWE-77
Command Injection
|
CVE-2020-24634
|
2024-11-21 14:15 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
