Total
11436 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7588 | 1 Siemens | 13 Opcenter Execution Discrete, Opcenter Execution Foundation, Opcenter Execution Process and 10 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. | |||||
| CVE-2020-7526 | 1 Apc | 1 Powerchute | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. | |||||
| CVE-2020-7518 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. | |||||
| CVE-2020-7504 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. | |||||
| CVE-2020-7472 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. (This is exploitable even after installation is completed.). | |||||
| CVE-2020-7459 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer. | |||||
| CVE-2020-7454 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module. | |||||
| CVE-2020-7253 | 1 Mcafee | 1 Agent | 2024-11-21 | 2.1 LOW | 5.7 MEDIUM |
| Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. | |||||
| CVE-2020-7137 | 1 Hpe | 2 Superdome Flex Server, Superdome Flex Server Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue. | |||||
| CVE-2020-7071 | 3 Debian, Netapp, Php | 3 Debian Linux, Clustered Data Ontap, Php | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL. | |||||
| CVE-2020-7070 | 7 Canonical, Debian, Fedoraproject and 4 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. | |||||
| CVE-2020-7069 | 8 Canonical, Debian, Fedoraproject and 5 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 6.4 MEDIUM | 5.4 MEDIUM |
| In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. | |||||
| CVE-2020-7058 | 1 Cacti | 1 Cacti | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm. | |||||
| CVE-2020-6977 | 1 Ge | 32 Invenia Abus Scan Station, Invenia Abus Scan Station Firmware, Logiq E10 and 29 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5 | |||||
| CVE-2020-6965 | 1 Gehealthcare | 18 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape B450 Monitor and 15 more | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package. | |||||
| CVE-2020-6963 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-6962 | 1 Gehealthcare | 18 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape B450 Monitor and 15 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution. | |||||
| CVE-2020-6933 | 1 Blackberry | 1 Unified Endpoint Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service. | |||||
| CVE-2020-6879 | 1 Zte | 4 Zxhn F670l, Zxhn F670l Firmware, Zxhn Z500 and 1 more | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2. | |||||
| CVE-2020-6868 | 1 Zte | 2 F680, F680 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6 | |||||