CVE-2020-9278
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL.
Source: CVE-2020-9278
[월:] 2020년 04월
CVE-2020-9277
CVE-2020-9277
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.
Source: CVE-2020-9277
CVE-2020-9279
CVE-2020-9279
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device.
Source: CVE-2020-9279
CVE-2019-19108
CVE-2019-19108
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
Source: CVE-2019-19108
CVE-2020-11010
CVE-2020-11010
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts).
Source: CVE-2020-11010
CVE-2020-11944
CVE-2020-11944
Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception.
Source: CVE-2020-11944
CVE-2020-11946
CVE-2020-11946
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.
Source: CVE-2020-11946
CVE-2020-10935
CVE-2020-10935
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
Source: CVE-2020-10935
CVE-2020-9070
CVE-2020-9070
Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user’s identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to exploit this vulnerability. Successful exploit may cause some information disclosure.
Source: CVE-2020-9070
CVE-2020-9444
CVE-2020-9444
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
Source: CVE-2020-9444