Export limit exceeded: 342385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 74822 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74822 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25191 | 1 Ni | 2 Compactrio, Compactrio Firmware | 2024-11-21 | 7.5 High |
| Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. | ||||
| CVE-2020-25190 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-11-21 | 7.5 High |
| The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. | ||||
| CVE-2020-25188 | 1 Laquisscada | 1 Scada | 2024-11-21 | 7.8 High |
| An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). | ||||
| CVE-2020-25186 | 1 We-con | 1 Levistudiou | 2024-11-21 | 7.5 High |
| An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. | ||||
| CVE-2020-25185 | 1 Paradox | 2 Ip150, Ip150 Firmware | 2024-11-21 | 8.8 High |
| The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). | ||||
| CVE-2020-25181 | 1 We-con | 1 Plc Editor | 2024-11-21 | 8.8 High |
| WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution. | ||||
| CVE-2020-25177 | 1 We-con | 1 Plc Editor | 2024-11-21 | 8.8 High |
| WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution. | ||||
| CVE-2020-25174 | 1 Bbraun | 1 Onlinesuite Application Package | 2024-11-21 | 7.8 High |
| A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user. | ||||
| CVE-2020-25173 | 1 Reolink | 14 Rlc-410, Rlc-410 Firmware, Rlc-422 and 11 more | 2024-11-21 | 7.8 High |
| An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access | ||||
| CVE-2020-25171 | 1 Fujielectric | 1 V-server | 2024-11-21 | 7.8 High |
| The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-25170 | 1 Bbraun | 1 Onlinesuite Application Package | 2024-11-21 | 7.8 High |
| An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export. | ||||
| CVE-2020-25169 | 1 Reolink | 14 Rlc-410, Rlc-410 Firmware, Rlc-422 and 11 more | 2024-11-21 | 7.5 High |
| The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds. | ||||
| CVE-2020-25165 | 1 Bd | 3 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware, Alaris Systems Manager | 2024-11-21 | 7.5 High |
| BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit. | ||||
| CVE-2020-25161 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | ||||
| CVE-2020-25157 | 1 Advantech | 1 R-seenet | 2024-11-21 | 7.5 High |
| The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. | ||||
| CVE-2020-25155 | 1 Nexcom | 2 Nio 50, Nio 50 Firmware | 2024-11-21 | 7.5 High |
| The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions). | ||||
| CVE-2020-25151 | 1 Nexcom | 2 Nio 50, Nio 50 Firmware | 2024-11-21 | 7.5 High |
| The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions). | ||||
| CVE-2020-25149 | 1 Observium | 1 Observium | 2024-11-21 | 8.8 High |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php. | ||||
| CVE-2020-25145 | 1 Observium | 1 Observium | 2024-11-21 | 8.8 High |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php. | ||||
| CVE-2020-25144 | 1 Observium | 1 Observium | 2024-11-21 | 8.8 High |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs. | ||||