Export limit exceeded: 80157 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80157 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7009 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 8.8 High |
| Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. | ||||
| CVE-2020-7008 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2024-11-21 | 7.5 High |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources. | ||||
| CVE-2020-7006 | 1 Systech | 4 Nds-5000, Nds-5000 Firmware, Nds\/5008rm and 1 more | 2024-11-21 | 8.4 High |
| Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. | ||||
| CVE-2020-7005 | 1 Honeywell | 1 Win-pak | 2024-11-21 | 8.8 High |
| In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-7004 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2024-11-21 | 8.8 High |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application. | ||||
| CVE-2020-7003 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2024-11-21 | 7.5 High |
| In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text. | ||||
| CVE-2020-7002 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 7.8 High |
| Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file. | ||||
| CVE-2020-7001 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-11-21 | 7.5 High |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. | ||||
| CVE-2020-7000 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2024-11-21 | 7.5 High |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface. | ||||
| CVE-2020-6997 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-11-21 | 7.5 High |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. | ||||
| CVE-2020-6993 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-11-21 | 7.5 High |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization. | ||||
| CVE-2020-6988 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2024-11-21 | 7.5 High |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials. | ||||
| CVE-2020-6987 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-11-21 | 7.5 High |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. | ||||
| CVE-2020-6986 | 1 Omron | 4 Plc Cj1, Plc Cj1 Firmware, Plc Cj2 and 1 more | 2024-11-21 | 7.5 High |
| In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result. | ||||
| CVE-2020-6984 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2024-11-21 | 7.5 High |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. | ||||
| CVE-2020-6983 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-11-21 | 7.5 High |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. | ||||
| CVE-2020-6982 | 1 Honeywell | 1 Win-pak | 2024-11-21 | 8.8 High |
| In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution. | ||||
| CVE-2020-6979 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-11-21 | 7.5 High |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. | ||||
| CVE-2020-6978 | 1 Honeywell | 1 Win-pak | 2024-11-21 | 7.2 High |
| In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries. | ||||
| CVE-2020-6971 | 1 Emerson | 1 Valvelink | 2024-11-21 | 7.8 High |
| In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. | ||||