Search Results (10389 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10598 | 1 Bd | 4 Pyxis Anesthesia Station Es, Pyxis Anesthesia Station Es Firmware, Pyxis Medstation Es and 1 more | 2024-11-21 | 6.1 Medium |
| In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data. | ||||
| CVE-2020-10581 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 7.5 High |
| Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application. | ||||
| CVE-2020-10573 | 1 Meetecho | 1 Janus | 2024-11-21 | 7.5 High |
| An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. | ||||
| CVE-2020-10286 | 1 Ufactory | 6 Xarm 5 Lite, Xarm 5 Lite Firmware, Xarm 6 and 3 more | 2024-11-21 | 8.8 High |
| The main user account has restricted privileges but is in the sudoers group, and there is no mechanism in place to prevent sudo su or sudo -i from being run, gaining unrestricted access to sensitive files, encryption, or issuing orders that disrupt robot operation. | ||||
| CVE-2020-10284 | 1 Ufactory | 1 Xarm Studio | 2024-11-21 | 9.1 Critical |
| No authentication is required to control the robot inside the network. Moreover, the latest available user manual shows an option that lets the user add a password to the robot, but as of xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session. | ||||
| CVE-2020-10277 | 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots | 20 Er-flex, Er-flex Firmware, Er-lite and 17 more | 2024-11-21 | 6.4 Medium |
| There is no mechanism in place to prevent a bad operator from booting from a live OS image. This can lead to extraction of sensitive files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine. | ||||
| CVE-2020-10271 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2024-11-21 | 9.8 Critical |
| MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages, exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad setup and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computational graph can also be fetched and interacted with from wireless networks. This allows a malicious operator to take control of the ROS logic and, correspondingly, the complete robot, given that MiR's operations are centered around the framework (ROS). | ||||
| CVE-2020-10238 | 1 Joomla | 1 Joomla! | 2024-11-21 | 7.5 High |
| An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. | ||||
| CVE-2020-10143 | 1 Macrium | 1 Reflect | 2024-11-21 | 7.8 High |
| Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | ||||
| CVE-2020-10139 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | ||||
| CVE-2020-10138 | 1 Acronis | 2 Cyber Backup, Cyber Protect | 2024-11-21 | 7.8 High |
| Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | ||||
| CVE-2020-10130 | 1 Searchblox | 1 Searchblox | 2024-11-21 | 8.8 High |
| SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. | ||||
| CVE-2020-10089 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other, | ||||
| CVE-2020-10027 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.8 High |
| An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions; version 2.1.0 and later versions. | ||||
| CVE-2020-10024 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.8 High |
| The ARM platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions; version 2.1.0 and later versions. | ||||
| CVE-2020-0621 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.4 Medium |
| A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'. | ||||
| CVE-2020-0586 | 1 Intel | 1 Server Platform Services | 2024-11-21 | 7.8 High |
| Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | ||||
| CVE-2020-0561 | 4 Intel, Linux, Microsoft and 1 more | 5 Software Guard Extensions Sdk, Linux Kernel, Windows and 2 more | 2024-11-21 | 7.8 High |
| Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0529 | 1 Intel | 158 Core I5-7200u, Core I5-7200u Firmware, Core I5-7260u and 155 more | 2024-11-21 | 7.8 High |
| Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0522 | 1 Intel | 6 Ethernet Controller I210-at, Ethernet Controller I210-cl, Ethernet Controller I210-cs and 3 more | 2024-11-21 | 4.4 Medium |
| Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. | ||||