Export limit exceeded: 79370 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79370 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24685 | 1 Abb | 3 Ac500 Cpu Firmware, Pm573-eth, Pm583-eth | 2024-11-21 | 8.6 High |
| An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions. | ||||
| CVE-2020-24680 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 7 High |
| In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. | ||||
| CVE-2020-24679 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 7.5 High |
| A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted. | ||||
| CVE-2020-24678 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 8.8 High |
| An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges. | ||||
| CVE-2020-24677 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 8.8 High |
| Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. | ||||
| CVE-2020-24676 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 7.8 High |
| In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as. | ||||
| CVE-2020-24674 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 8.8 High |
| In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines. | ||||
| CVE-2020-24671 | 1 Tracefinanacial | 1 Crestbridge | 2024-11-21 | 8.8 High |
| Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | ||||
| CVE-2020-24667 | 1 Tracefinanacial | 1 Crestbridge | 2024-11-21 | 8.8 High |
| Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | ||||
| CVE-2020-24659 | 5 Canonical, Fedoraproject, Gnu and 2 more | 5 Ubuntu Linux, Fedora, Gnutls and 2 more | 2024-11-21 | 7.5 High |
| An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | ||||
| CVE-2020-24658 | 1 Arm | 1 Arm Compiler | 2024-11-21 | 7.8 High |
| Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to (above) any vulnerable arrays in the stack. The guard value is checked for corruption on function return; corruption leads to an error-handler call. In certain circumstances, the reference value that is compared against the guard value is itself also written to the stack (after any vulnerable arrays). The reference value is written to the stack when the function runs out of registers to use for other temporary data. If both the reference value and the guard value are written to the stack, then the stack protection will fail to spot corruption when both values are overwritten with the same value. For both the reference value and the guard value to be corrupted, there would need to be both a buffer overflow and a buffer underflow in the vulnerable arrays (or some other vulnerability that causes two separated stack entries to be corrupted). | ||||
| CVE-2020-24641 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 7.5 High |
| In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface. | ||||
| CVE-2020-24638 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 7.2 High |
| Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system. | ||||
| CVE-2020-24637 | 1 Arubanetworks | 15 7005, 7008, 7010 and 12 more | 2024-11-21 | 7.2 High |
| Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | ||||
| CVE-2020-24635 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 7.2 High |
| A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | ||||
| CVE-2020-24632 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 7.2 High |
| A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | ||||
| CVE-2020-24631 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 7.2 High |
| A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | ||||
| CVE-2020-24630 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-24628 | 1 Hpe | 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware | 2024-11-21 | 8.8 High |
| A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | ||||
| CVE-2020-24625 | 1 Hpe | 1 Utility Computing Service Meter | 2024-11-21 | 7.5 High |
| Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | ||||