| Page(s) : 1 ... 15 16 17 18 19 20 21 22 23 24 [25] 26 27 28 29 30 31 32 33 34 35 ... | Result(s) : 171751 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 7.5 | 2020-06-24 | CVE-2020-10280 | cve | The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. |
| N/A | 2020-06-24 | CVE-2020-10279 | cve | MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for ... |
| N/A | 2020-06-24 | CVE-2020-10278 | cve | The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Maliciou... |
| 6.4 | 2020-06-24 | CVE-2020-10277 | cve | There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escal... |
| N/A | 2020-06-24 | CVE-2020-10276 | cve | The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disablin... |
| 9.8 | 2020-06-24 | CVE-2020-10275 | cve | The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string ... |
| N/A | 2020-06-24 | CVE-2020-10274 | cve | The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-202... |
| N/A | 2020-06-24 | CVE-2020-10273 | cve | MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows at... |
| N/A | 2020-06-24 | CVE-2020-10272 | cve | MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attack... |
| N/A | 2020-06-24 | CVE-2020-10271 | cve | MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is... |
| N/A | 2020-06-24 | CVE-2020-10270 | cve | Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP addres... |
| N/A | 2020-06-24 | CVE-2020-10269 | cve | One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Cre... |
| N/A | 2020-06-23 | CVE-2020-9480 | cve | In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled... |
| 8.1 | 2020-06-23 | CVE-2020-5367 | cve | Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an... |
| 5.4 | 2020-06-23 | CVE-2020-5345 | cve | Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an... |
| 8.1 | 2020-06-23 | CVE-2020-14978 | cve | An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged... |
| 8.1 | 2020-06-23 | CVE-2020-14977 | cve | An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack an... |
| 5.5 | 2020-06-23 | CVE-2020-14976 | cve | GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by print... |
| 7.8 | 2020-06-23 | CVE-2020-14975 | cve | The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124. |
| 7.1 | 2020-06-23 | CVE-2020-14974 | cve | The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124. |
| Page(s) : 1 ... 15 16 17 18 19 20 21 22 23 24 [25] 26 27 28 29 30 31 32 33 34 35 ... | Result(s) : 171751 |
