Skip to main content
CVE-2020-10280 HIGH This Week

The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10273 HIGH This Week

MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-10274 HIGH This Week

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-10277 MEDIUM This Month

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2020-4323 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Secret Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4413 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-4342 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4341 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-4327 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-15025 MEDIUM PATCH This Month

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Ntp Leap Cloud Backup Steelstore Cloud Integrated Storage +12
NVD
CVSS 3.1
4.9
EPSS
3.4%
CVE-2020-10278 MEDIUM This Month

The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
4.6
EPSS
1.0%
CVE-2020-4322 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-15011 MEDIUM PATCH This Month

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Mailman Ubuntu Linux Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2020-15005 LOW PATCH Monitor

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass PHP Mediawiki Fedora Debian Linux
NVD
CVSS 3.1
3.1
EPSS
1.3%
CVE-2020-4071 LOW PATCH Monitor

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Django Basic Auth Ip Whitelist
NVD GitHub
CVSS 3.1
2.4
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy