Export limit exceeded: 79697 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79697 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10657 | 1 Proofpoint | 1 Insider Threat Management Server | 2024-11-21 | 7.2 High |
| The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges in the console) to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. | ||||
| CVE-2020-10649 | 2 Asus, Microsoft | 2 Device Activation, Windows 10 | 2024-11-21 | 7.8 High |
| DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | ||||
| CVE-2020-10648 | 2 Denx, Opensuse | 2 U-boot, Leap | 2024-11-21 | 7.8 High |
| Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. | ||||
| CVE-2020-10646 | 1 Fujielectric | 1 V-server | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. | ||||
| CVE-2020-10644 | 1 Inductiveautomation | 1 Ignition Gateway | 2024-11-21 | 7.5 High |
| The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | ||||
| CVE-2020-10642 | 1 Rockwellautomation | 1 Rslinx Classic | 2024-11-21 | 7.8 High |
| In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. | ||||
| CVE-2020-10641 | 1 Inductiveautomation | 1 Ignition Gateway | 2024-11-21 | 7.5 High |
| An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition. | ||||
| CVE-2020-10639 | 1 Eaton | 2 Hmisoft Vu3, Hmisoft Vu3 Firmware | 2024-11-21 | 7.8 High |
| Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could cause a buffer overflow when loaded by the affected product. | ||||
| CVE-2020-10629 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 7.5 High |
| WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. | ||||
| CVE-2020-10628 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2024-11-21 | 7.5 High |
| ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. | ||||
| CVE-2020-10627 | 1 Insulet | 2 Omnipod Insulin Management System, Omnipod Insulin Management System Firmware | 2024-11-21 | 7.3 High |
| Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. | ||||
| CVE-2020-10626 | 2 Fazecast, Schneider-electric | 2 Jserialcomm, Ecostruxure It Gateway | 2024-11-21 | 7.8 High |
| In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code. | ||||
| CVE-2020-10624 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2024-11-21 | 7.5 High |
| ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. | ||||
| CVE-2020-10622 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 7.8 High |
| LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users | ||||
| CVE-2020-10617 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 7.5 High |
| There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | ||||
| CVE-2020-10616 | 1 Opto22 | 1 Softpac Project | 2024-11-21 | 8.8 High |
| Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. | ||||
| CVE-2020-10615 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-11-21 | 7.5 High |
| Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability. | ||||
| CVE-2020-10613 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-11-21 | 7.5 High |
| Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets. | ||||
| CVE-2020-10610 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2024-11-21 | 7.8 High |
| In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. | ||||
| CVE-2020-10609 | 1 Grundfos | 1 Cim 500 | 2024-11-21 | 7.5 High |
| Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. | ||||