Security Vulnerabilities - CVEs Published In June 2020
An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-29
An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts.
CVSS Score
9.8
EPSS Score
0.027
Published
2020-06-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.
CVSS Score
5.9
EPSS Score
0.003
Published
2020-06-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.
CVSS Score
5.9
EPSS Score
0.003
Published
2020-06-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.
CVSS Score
5.9
EPSS Score
0.003
Published
2020-06-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.
CVSS Score
5.9
EPSS Score
0.003
Published
2020-06-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.
CVSS Score
5.9
EPSS Score
0.003
Published
2020-06-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-06-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-06-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-06-29