Security Vulnerabilities - CVEs Published In 2020
An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2020-12-28
An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behavior was unintended.
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2020-12-28
An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-12-28
dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-12-28
dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-12-28
dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-12-28
dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-12-28
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234.
CVSS Score: 7.2 | EPSS Score: 0.005 | Published: 2020-12-28
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2020-12-28
FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to log in via the ipc.fos~ password.
CVSS Score: 6.8 | EPSS Score: 0.0 | Published: 2020-12-28

