** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-26508PUBLISHED: 2020-11-16The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.
CVE-2020-26509PUBLISHED: 2020-11-16Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.
CVE-2020-26510PUBLISHED: 2020-11-16Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
CVE-2020-23489PUBLISHED: 2020-11-16The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.
Support the originator by clicking the read the rest link below.
