Export limit exceeded: 18208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 80130 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80130 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12511 | 1 Pepperl-fuchs | 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more | 2024-11-21 | 8.8 High |
| Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. | ||||
| CVE-2020-12510 | 1 Beckhoff | 1 Twincat Extended Automation Runtime | 2024-11-21 | 7.3 High |
| The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added. | ||||
| CVE-2020-12505 | 1 Wago | 14 750-831, 750-831 Firmware, 750-852 and 11 more | 2024-11-21 | 8.2 High |
| Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below. | ||||
| CVE-2020-12503 | 2 Korenix, Pepperl-fuchs | 56 Jetnet 4510, Jetnet 4510 Firmware, Jetnet 4706 and 53 more | 2024-11-21 | 7.2 High |
| Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. | ||||
| CVE-2020-12502 | 2 Korenix, Pepperl-fuchs | 46 Jetnet 4510, Jetnet 4510 Firmware, Jetnet 4706 and 43 more | 2024-11-21 | 8.8 High |
| Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration. | ||||
| CVE-2020-12499 | 1 Phoenixcontact | 1 Plcnext Engineer | 2024-11-21 | 8.2 High |
| In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | ||||
| CVE-2020-12498 | 1 Phoenixcontact | 2 Pc Worx, Pc Worx Express | 2024-11-21 | 7.8 High |
| mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. | ||||
| CVE-2020-12497 | 1 Phoenixcontact | 2 Pc Worx, Pc Worx Express | 2024-11-21 | 7.8 High |
| PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. | ||||
| CVE-2020-12483 | 1 Vivo | 1 Appstore | 2024-11-21 | 8.2 High |
| The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters. | ||||
| CVE-2020-12479 | 1 Teampass | 1 Teampass | 2024-11-21 | 8.8 High |
| TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | ||||
| CVE-2020-12478 | 1 Teampass | 1 Teampass | 2024-11-21 | 7.5 High |
| TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files. | ||||
| CVE-2020-12477 | 1 Teampass | 1 Teampass | 2024-11-21 | 7.5 High |
| The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | ||||
| CVE-2020-12473 | 1 Mono | 1 Monox | 2024-11-21 | 7.2 High |
| MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. | ||||
| CVE-2020-12470 | 1 Mono | 1 Monox | 2024-11-21 | 7.2 High |
| MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. | ||||
| CVE-2020-12468 | 1 Intelliants | 1 Subrion | 2024-11-21 | 7.8 High |
| Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/. | ||||
| CVE-2020-12463 | 1 Avira | 1 Software Updater | 2024-11-21 | 7.8 High |
| An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files. | ||||
| CVE-2020-12461 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 8.8 High |
| PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query. | ||||
| CVE-2020-12457 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. | ||||
| CVE-2020-12447 | 1 Onkyo | 2 Tx-nr585, Tx-nr585 Firmware | 2024-11-21 | 7.5 High |
| A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow. | ||||
| CVE-2020-12446 | 1 Gskill | 1 Trident Z Lighting Control | 2024-11-21 | 7.8 High |
| The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM. | ||||