From DHS/US-CERT’s National Vulnerability Database
CVE-2020-15357
PUBLISHED: 2020-12-11
Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.
CVE-2020-27508
PUBLISHED: 2020-12-11
In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
CVE-2020-29254
PUBLISHED: 2020-12-11
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-b…
CVE-2020-29589
PUBLISHED: 2020-12-11
Versions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35144
PUBLISHED: 2020-12-11
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
