Export limit exceeded: 364448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364448 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-16258 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.1 High |
| Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | ||||
| CVE-2020-16257 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 9.8 Critical |
| Winston 1.5.4 devices are vulnerable to command injection via the API. | ||||
| CVE-2020-16256 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 8.8 High |
| The API on Winston 1.5.4 devices is vulnerable to CSRF. | ||||
| CVE-2020-16255 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 6.1 Medium |
| ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.' | ||||
| CVE-2020-16254 | 1 Chartkick Project | 1 Chartkick | 2024-11-21 | 6.1 Medium |
| The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). | ||||
| CVE-2020-16253 | 1 Pghero Project | 1 Pghero | 2024-11-21 | 8.1 High |
| The PgHero gem through 2.6.0 for Ruby allows CSRF. | ||||
| CVE-2020-16252 | 1 Field Test Project | 1 Field Test | 2024-11-21 | 4.3 Medium |
| The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. | ||||
| CVE-2020-16251 | 2 Hashicorp, Redhat | 3 Vault, Openshift, Openshift Data Foundation | 2024-11-21 | 8.2 High |
| HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. | ||||
| CVE-2020-16250 | 2 Hashicorp, Redhat | 3 Vault, Openshift, Openshift Data Foundation | 2024-11-21 | 8.2 High |
| HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.. | ||||
| CVE-2020-16248 | 1 Prometheus | 1 Blackbox Exporter | 2024-11-21 | 5.8 Medium |
| Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability | ||||
| CVE-2020-16246 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2024-11-21 | 6.1 Medium |
| The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. | ||||
| CVE-2020-16245 | 1 Advantech | 1 Iview | 2024-11-21 | 9.8 Critical |
| Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | ||||
| CVE-2020-16244 | 1 Ge | 1 Asset Performance Management Classic | 2024-11-21 | 7.2 High |
| GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords. | ||||
| CVE-2020-16243 | 1 We-con | 1 Levistudiou | 2024-11-21 | 7.8 High |
| Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | ||||
| CVE-2020-16242 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2024-11-21 | 6.1 Medium |
| The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | ||||
| CVE-2020-16240 | 1 Ge | 1 Asset Performance Management Classic | 2024-11-21 | 5.3 Medium |
| GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges. | ||||
| CVE-2020-16236 | 1 Panasonic | 1 Fpwin Pro | 2024-11-21 | 7.8 High |
| FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-16234 | 1 Fatek | 1 Winproladder | 2024-11-21 | 7.8 High |
| In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-16233 | 1 Wibu | 1 Codemeter | 2024-11-21 | 7.5 High |
| An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. | ||||
| CVE-2020-16230 | 1 Hms-networks | 4 Ewon Cosy, Ewon Cosy Firmware, Ewon Flexy and 1 more | 2024-11-21 | 2.3 Low |
| All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing. | ||||