Search Results (78974 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-16276 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 8.8 High |
| An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | ||||
| CVE-2020-16273 | 1 Arm | 2 Armv8-m, Armv8-m Firmware | 2024-11-21 | 7.8 High |
| In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the stack is not initialized. This vulnerability affects only the software that is based on Armv8-M processors with the Security Extension. | ||||
| CVE-2020-16268 | 1 1e | 1 Client | 2024-11-21 | 8.8 High |
| The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. | ||||
| CVE-2020-16267 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | ||||
| CVE-2020-16262 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.8 High |
| Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation. | ||||
| CVE-2020-16260 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.5 High |
| Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation. | ||||
| CVE-2020-16258 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.1 High |
| Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | ||||
| CVE-2020-16256 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 8.8 High |
| The API on Winston 1.5.4 devices is vulnerable to CSRF. | ||||
| CVE-2020-16253 | 1 Pghero Project | 1 Pghero | 2024-11-21 | 8.1 High |
| The PgHero gem through 2.6.0 for Ruby allows CSRF. | ||||
| CVE-2020-16251 | 2 Hashicorp, Redhat | 3 Vault, Openshift, Openshift Data Foundation | 2024-11-21 | 8.2 High |
| HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. | ||||
| CVE-2020-16250 | 2 Hashicorp, Redhat | 3 Vault, Openshift, Openshift Data Foundation | 2024-11-21 | 8.2 High |
| HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. | ||||
| CVE-2020-16244 | 1 Ge | 1 Asset Performance Management Classic | 2024-11-21 | 7.2 High |
| GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords. | ||||
| CVE-2020-16243 | 1 We-con | 1 Levistudiou | 2024-11-21 | 7.8 High |
| Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | ||||
| CVE-2020-16236 | 1 Panasonic | 1 Fpwin Pro | 2024-11-21 | 7.8 High |
| FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-16234 | 1 Fatek | 1 Winproladder | 2024-11-21 | 7.8 High |
| In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-16233 | 1 Wibu | 1 Codemeter | 2024-11-21 | 7.5 High |
| An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. | ||||
| CVE-2020-16229 | 1 Advantech | 1 Webaccess/hmi Designer | 2024-11-21 | 7.8 High |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | ||||
| CVE-2020-16227 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 7.8 High |
| Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | ||||
| CVE-2020-16225 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 7.8 High |
| Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | ||||
| CVE-2020-16223 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 7.8 High |
| Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | ||||